Vulmon
bolt vulnerabilities and exploits
NA
CVE-2023-7236
The Backup Bolt WordPress plugin up to and including 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated malicious users to retrieve the debug log which may contain information like system errors which c...
NA
CVE-2023-5214
In Puppet Bolt versions before 3.27.4, a path to escalate privileges was identified.
Puppet Bolt
NA
CVE-2022-36532
Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.
Bolt Bolt Cms
NA
CVE-2022-31321
The foldername parameter in Bolt 5.1.7 has incorrect input validation, allowing malicious users to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input.
Boltcms Bolt
NA
CVE-2022-2394
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.
Perforce Puppet Bolt
6.5
CVSSv2
CVE-2021-40219
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated malicious user to edit a theme and perform server-side template injection, which leads to remote code execution.
Bolt Bolt Cms
1 Github repository
4
CVSSv2
CVE-2021-27022
A flaw exists in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).
Puppet Puppet
Puppet Puppet Enterprise
5
CVSSv2
CVE-2021-27367
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt prior to 4.1.13 allow Directory Traversal.
Boltcms Bolt
5
CVSSv2
CVE-2020-28925
Bolt prior to 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance.
Boltcms Bolt
4.3
CVSSv2
CVE-2020-7370
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows a malicious user to obfuscate the true source of data as presented in the browser. This issue affects the Bolt Browser version 1.4 and pr...
Boltbrowser Bolt Browser