25 matches found
Security Bulletin: Safe Join Function Vulnerability Fixed in Werkzeug v3.1.6
Summary: Werkzeug is a comprehensive WSGI web application library. In versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fac...
CVE-2026-25359
Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection. This issue affects Pendulum: from n/a through 3.1.5...
CVE-2026-25359
CVE-2026-25359 describes a Deserialization of Untrusted Data vulnerability in the Pendulum theme for WordPress, allowing PHP Object Injection. Affected software: Pendulum from no public earliest version up to
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +29 more potentially affected by CVE-2025-65995 via apache-airflow (>=3.0.0rc4 <=3.1.5)
apache-airflow PYPI version =3.0.0rc4, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.1, =1.6.0, =1.5.3, =1.25.0rc1, =3.12.0, =0.0.4, =2.0.2, =2.3.0rc1 and more Source cves: CVE-2025-65995 Source advisory: OSV:GHSA-GFW7-2V73-69WG...
CVE-2026-21287
CVE-2026-21287 affects Substance3D Stager
CVE-2025-68887
CVE-2025-68887 refers to a Reflected XSS in the WP-BusinessDirectory (WordPress) plugin. The Wordfence Vulnerability Report lists WP-BusinessDirectory
WordPress Grand Blog theme < 3.1.5 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Grand Blog versions 3.1.5...
CVE-2025-64237
CVE-2025-64237 is a CSRF vulnerability in the WordPress plugin Quick Interest Slider (versions up to 3.1.5). The issue allows cross-site request forgery in the affected plugin. Public sources (e.g., Patchstack/WordPress CVE notes) indicate upgrading to a newer release is recommended, but the exac...
CVE-2025-64531
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-61835 Substance3D - Stager | Integer Underflow (Wrap or Wraparound) (CWE-191)
Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-64531 Substance3D - Stager | Use After Free (CWE-416)
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-61834 Substance3D - Stager | Use After Free (CWE-416)
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-61834
Adobe Substance3D Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability (CVE-2025-61834) that could allow arbitrary code execution in the context of the current user and requires the victim to open a malicious file. The connected Nessus advisory APSB25-113 references ad...
PT-2025-46548
Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.1.5 and earlier. Description: A Use After Free issue exists in Substance3D - Stager. Successful exploitation could lead to arbitrary code execution with the privileges of the current user. User interaction is...
EUVD-2025-28109
Malicious code in bioql PyPI...
CVE-2023-45637
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin = 3.1.5 versions...
CVE-2022-47422
Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin = 3.1.5 versions...
WordPress plugin FULL – Cliente SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. WordPress plugin...