3 matches found
BIT-JRE-2026-23865
An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2...
CVE-2023-53902
CVE-2023-53902 affects WebsiteBaker 2.13.3 with a directory traversal vulnerability in the /admin/media/delete.php endpoint. An authenticated attacker can delete arbitrary files by manipulating directory path parameters, exploiting traversal sequences to access files outside the intended director...
PT-2025-51751
Name of the Vulnerable Software and Affected Versions WebsiteBaker version 2.13.3 Description WebsiteBaker version 2.13.3 has a stored cross-site scripting issue. Authenticated users can upload malicious SVG files containing JavaScript. Uploading crafted SVG files with script tags allows for...