9 matches found
PT-2026-37031
The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the upload icons function workflow using a user-controlled upload path mfn-icon-upload in a filesystem move operation without constraining it to the uploads directory...
PT-2026-37030
Name of the Vulnerable Software and Affected Versions Betheme versions prior to 28.5 Description The Betheme theme for WordPress allows authenticated attackers with author-level access or higher to upload arbitrary files, including PHP scripts. This occurs because the upload icons function moves...
WordPress Betheme theme <= 28.4 - Authenticated (Contributor+) Arbitrary File Deletion vulnerability
Authenticated Contributor+ Arbitrary File Deletion vulnerability discovered by ? in WordPress Theme Betheme versions = 28.4...
CVE-2025-62613
VDO.Ninja is a tool that brings remote video feeds into OBS or other studio software via WebRTC. From versions 28.0 to before 28.4, a reflected Cross-Site Scripting XSS vulnerability exists on examples/control.html through the room parameter, which is improperly sanitized before being rendered in...
CVE-2025-62613 VDO.Ninja Reflected XSS Vulnerability in control.html
VDO.Ninja is a tool that brings remote video feeds into OBS or other studio software via WebRTC. From versions 28.0 to before 28.4, a reflected Cross-Site Scripting XSS vulnerability exists on examples/control.html through the room parameter, which is improperly sanitized before being rendered in...
CVE-2025-62613 VDO.Ninja Reflected XSS Vulnerability in control.html
VDO.Ninja is a tool that brings remote video feeds into OBS or other studio software via WebRTC. From versions 28.0 to before 28.4, a reflected Cross-Site Scripting XSS vulnerability exists on examples/control.html through the room parameter, which is improperly sanitized before being rendered in...
CVE-2025-62613 VDO.Ninja Reflected XSS Vulnerability in control.html
VDO.Ninja is a tool that brings remote video feeds into OBS or other studio software via WebRTC. From versions 28.0 to before 28.4, a reflected Cross-Site Scripting XSS vulnerability exists on examples/control.html through the room parameter, which is improperly sanitized before being rendered in...
PT-2025-43408
Name of the Vulnerable Software and Affected Versions VDO.Ninja versions 28.0 through 28.3 Description VDO.Ninja is a tool used to integrate remote video feeds into studio software via WebRTC. A reflected Cross-Site Scripting XSS issue exists in the examples/control.html file through the room...
CVE-2024-20792
Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...