
4429 matches found

OSV
added 2026/03/26 6:26 p.m., 1 view

GHSA-4C29-8RGM-JVJJ BuildKit's Malicious frontend can cause file escape outside of storage root

Impact: When using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. Patches: The issue has been fixed in v0.28.1+. Workarounds: Issue requires using an untrusted BuildKit frontend set...

CVSS 8.4, AI score 6, EPSS 0.00498, Exploits 0, References 4

RedhatCVE
added 2026/03/26 5:2 p.m., 4 views

CVE-2026-32485

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.8...

CVSS 7.5, AI score 5.8, EPSS 0.00262, Exploits 0, References 1

RedhatCVE
added 2026/03/26 5:1 p.m., 4 views

CVE-2026-24364

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.5...

CVSS 6.5, AI score 5.8, EPSS 0.00311, Exploits 0, References 1

RedhatCVE
added 2026/03/26 3:8 p.m., 5 views

CVE-2026-2375

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...

CVSS 6.5, AI score 5.8, EPSS 0.0028, Exploits 0, References 1

RedhatCVE
added 2026/03/26 3:7 p.m., 3 views

CVE-2026-31823

Sylius is an Open Source eCommerce Framework on Symfony. An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple places across the shop frontend and admin panel due to unsanitized entity names being rendered as raw HTML. Shop breadcrumbs shared/breadcrumbs.html.twig: The...

CVSS 4.8, AI score 5.8, EPSS 0.00142, Exploits 0, References 1

EUVD
added 2026/03/26 6:30 a.m., 5 views

EUVD-2026-16086

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'post_content' of admin_form posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybe_unserialize function without class restrictions on...

CVSS 7.2, AI score 6.2, EPSS 0.00533, Exploits 0, References 5

Vulnrichment
added 2026/03/26 2:25 a.m., 0 views

CVE-2026-3328 Frontend Admin by DynamiApps <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'post_content' of admin_form posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybe_unserialize function without class restrictions on...

CVSS 7.2, AI score 6.2, EPSS 0.00533, Exploits 0, References 4

CVE
added 2026/03/26 2:25 a.m., 20 views

CVE-2026-3328

Affected: Frontend Admin by DynamiApps (WordPress). Vulnerable component: PHP deserialization of admin_form post_content via maybe_unserialize() with no class restrictions. Impact: authenticated attackers with Editor+ can inject a PHP Object; presence of a POP chain enables remote code execution....

CVSS 7.2, AI score 6.2, EPSS 0.00533, Exploits 0, References 4

Cvelist
added 2026/03/26 2:25 a.m., 28 views

CVE-2026-3328 Frontend Admin by DynamiApps <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'post_content' of admin_form posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybe_unserialize function without class restrictions on...

CVSS 7.2, EPSS 0.00533, Exploits 0, References 4

CNNVD
added 2026/03/26 12:0 a.m., 5 views

WordPress plugin Frontend Admin by DynamiApps code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

CVSS 7.2, AI score 5.9, EPSS 0.00533, Exploits 0, References 4

Positive Technologies
added 2026/03/26 12:0 a.m., 5 views

PT-2026-28525

Name of the Vulnerable Software and Affected Versions: BuildKit versions prior to 0.28.1. Description: BuildKit is a toolkit for converting source code to build artifacts. When using a custom BuildKit frontend, a malicious frontend can craft an API message that causes files to be written outside of...

CVSS 10, AI score 6.1, EPSS 0.60368, Exploits 3, References 112

EUVD
added 2026/03/25 6:31 p.m., 4 views

EUVD-2026-15829

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.8...

AI score 5.8, EPSS 0.00262, Exploits 0, References 2

EUVD
added 2026/03/25 6:31 p.m., 3 views

EUVD-2026-15561

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.5...

AI score 5.8, EPSS 0.00311, Exploits 0, References 2

NVD
added 2026/03/25 5:16 p.m., 4 views

CVE-2026-32485

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.8...

CVSS 7.5, EPSS 0.00262, Exploits 0, References 1

NVD
added 2026/03/25 5:16 p.m., 3 views

CVE-2026-24364

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.5...

CVSS 6.5, EPSS 0.00311, Exploits 0, References 1

SUSE CVE
added 2026/03/25 4:54 p.m., 3 views

SUSE CVE-2026-23923

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

CVSS 6.9, AI score 6, EPSS 0.00285, Exploits 0, References 3

Cvelist
added 2026/03/25 4:14 p.m., 24 views

CVE-2026-32485 WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.8...

CVSS 7.5, EPSS 0.00262, Exploits 0, References 1

ATTACKERKB
added 2026/03/25 4:14 p.m., 2 views

CVE-2026-32485

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.8...

AI score 5.8, EPSS 0.00262, Exploits 0, References 2

CVE
added 2026/03/25 4:14 p.m., 11 views

CVE-2026-32485

CVE-2026-32485 affects the WordPress plugin WP User Frontend (weDevs) versions prior to 4.2.9. The vulnerability is a Missing Authorization/Broken Access Control issue caused by incorrectly configured access control security levels in wp-user-frontend, allowing unauthorized access as described in...

CVSS 7.5, AI score 5.8, EPSS 0.00262, Exploits 0, References 1

Vulnrichment
added 2026/03/25 4:14 p.m., 1 view

CVE-2026-32485 WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.8...

CVSS 7.5, AI score 5.8, EPSS 0.00262, Exploits 0, References 1