CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

90 matches found

NVD•added yesterday•5 views

CVE-2026-56032

Subscriber PHP Object Injection in Buddyboss Platform = 3.0.4 versions...

9.8CVSS

Exploits0References1

CVE•added yesterday•10 views

CVE-2026-56032

The CVE-2026-56032 entry concerns a PHP Object Injection vulnerability in the WordPress BuddyBoss Platform plugin, affecting versions up to 3.0.4. The root cause is described as Subscriber PHP Object Injection within BuddyBoss Platform <= 3.0.4. Documented in Patchstack and CVE records, the vu...

9.8CVSS5.8AI score

Exploits0References1

EUVD•added yesterday•4 views

EUVD-2026-39695

Subscriber PHP Object Injection in Buddyboss Platform = 3.0.4 versions...

9.8CVSS5.8AI score

Exploits0References1

Cvelist•added yesterday•16 views

CVE-2026-56032 WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Buddyboss Platform = 3.0.4 versions...

9.8CVSS

Exploits0References1

Patchstack•added 4 days ago•5 views

WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by dutafi in WordPress Plugin Buddyboss Platform versions = 3.0.4...

9.8CVSS5.9AI score

Exploits0Affected Software1

Patchstack•added 2026/01/30 1:43 a.m.•9 views

WordPress BuddyBoss Platform plugin < 2.6.0 - Subscriber+ Comment on Private Post via IDOR vulnerability

Subscriber+ Comment on Private Post via IDOR vulnerability discovered by Faris Krivic in WordPress Plugin Buddyboss Platform versions 2.6.0...

4.3CVSS5.9AI score0.00375EPSS

Exploits2References1Affected Software1

RedhatCVE•added 2026/01/07 9:11 a.m.•18 views

CVE-2025-1909

The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

9.8CVSS6.8AI score0.00551EPSS

Exploits0References1

Patchstack•added 2025/12/31 12:0 a.m.•6 views

WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bbp_topic_title' vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'bbptopictitle' vulnerability discovered by Kaique Peres in WordPress Plugin Buddyboss Platform versions = 2.8.50...

6.4CVSS5.3AI score0.00218EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/12/31 12:0 a.m.•5 views

WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bp_nouveau_ajax_media_save' function vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'bpnouveauajaxmediasave' function vulnerability discovered by Kaique Peres in WordPress Plugin Buddyboss Platform versions = 2.8.50...

6.4CVSS5.3AI score0.00218EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-54442

Malicious code in bioql PyPI...

6.4CVSS9.1AI score0.00218EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-53948

Malicious code in bioql PyPI...

6.4CVSS8.6AI score0.00215EPSS

Exploits0References2