4429 matches found
GHSA-4C29-8RGM-JVJJ BuildKit's Malicious frontend can cause file escape outside of storage root
Impact When using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. Patches The issue has been fixed in v0.28.1+ Workarounds Issue requires using an untrusted BuildKit frontend set...
CVE-2026-32485
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.8...
CVE-2026-24364
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...
CVE-2026-2375
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...
CVE-2026-31823
Sylius is an Open Source eCommerce Framework on Symfony. An authenticated stored cross-site scripting XSS vulnerability exists in multiple places across the shop frontend and admin panel due to unsanitized entity names being rendered as raw HTML. Shop breadcrumbs shared/breadcrumbs.html.twig: The...
EUVD-2026-16086
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'postcontent' of adminform posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybeunserialize function without class restrictions on...
CVE-2026-3328 Frontend Admin by DynamiApps <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'postcontent' of adminform posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybeunserialize function without class restrictions on...
CVE-2026-3328
Affected: Frontend Admin by DynamiApps (WordPress). Vulnerable component: PHP deserialization of admin_form post_content via maybe_unserialize() with no class restrictions. Impact: authenticated attackers with Editor+ can inject a PHP Object; presence of a POP chain enables remote code execution....
CVE-2026-3328 Frontend Admin by DynamiApps <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'postcontent' of adminform posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybeunserialize function without class restrictions on...
WordPress plugin Frontend Admin by DynamiApps 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
PT-2026-28525
Name of the Vulnerable Software and Affected Versions BuildKit versions prior to 0.28.1 Description BuildKit is a toolkit for converting source code to build artifacts. When using a custom BuildKit frontend, a malicious frontend can craft an API message that causes files to be written outside of...
EUVD-2026-15829
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.8...
EUVD-2026-15561
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...
CVE-2026-32485
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.8...
CVE-2026-24364
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...
SUSE CVE-2026-23923
An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...
CVE-2026-32485 WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.8...
CVE-2026-32485
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.8...
CVE-2026-32485
CVE-2026-32485 affects the WordPress plugin WP User Frontend (weDevs) versions prior to 4.2.9. The vulnerability is a Missing Authorization/Broken Access Control issue caused by incorrectly configured access control security levels in wp-user-frontend, allowing unauthorized access as described in...
CVE-2026-32485 WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.8...