Lucene search
+L

158 matches found

Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.8 views

PT-2026-26834

Name of the Vulnerable Software and Affected Versions App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress versions prior to 5.5.11 Description The software contains a flaw that allows unauthorized privilege escalation. The verify role function in AuthTrails.php...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/01 6:25 a.m.16 views

CVE-2025-13029

The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users...

7.5CVSS7AI score0.00213EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 7:23 a.m.8 views

WordPress Knowband Mobile App Builder for wooCommerce plugin < 3.0.0 - Unauthenticated Arbitrary User Deletion vulnerability

Unauthenticated Arbitrary User Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Knowband Mobile App Builder versions 3.0.0...

7.5CVSS6.7AI score0.00213EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/31 6:0 a.m.3 views

CVE-2025-13029 Knowband Mobile App Builder for wooCommerce < 3.0.0 – Unauthenticated Arbitrary User Deletion

The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users...

6.6AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2025/12/31 6:0 a.m.21 views

CVE-2025-13029

CVE-2025-13029 concerns the Knowband Mobile App Builder for WordPress (WooCommerce) before version 3.0.0. The issue is a lack of authorization on the REST API endpoint used to delete users, allowing unauthenticated attackers to delete arbitrary users. Publicly disclosed details across multiple co...

7.5CVSS6.6AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/31 6:0 a.m.40 views

CVE-2025-13029 Knowband Mobile App Builder for wooCommerce < 3.0.0 – Unauthenticated Arbitrary User Deletion

The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users...

0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.6 views

WordPress plugin Knowband Mobile App Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.5CVSS6.6AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/19 8:5 p.m.28 views

CVE-2025-67712 HTML injection issue in ArcGIS Web App Builder

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...

4.7CVSS0.00283EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-49847

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00586EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-44940

Malicious code in bioql PyPI...

10CVSS6.6AI score0.00501EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-53685

Malicious code in bioql PyPI...

7.5CVSS8.1AI score0.00452EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-29178

Malicious code in bioql PyPI...

6.1CVSS8.8AI score0.00332EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-48537

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.0045EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-1643

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00522EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28342

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00265EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-44941

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.00444EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-30367

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00312EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/09/11 6:41 p.m.5 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +133 more potentially affected by CVE-2025-58065 via flask-appbuilder (>=4.1.2 <=4.6.3)

flask-appbuilder PYPI version =4.1.2, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.2.1, =0.4.0, =0.1.0a1, =0.8.2, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2025-58065 Source advisory: SNYK:PYTHON-FLASKAPPBUILDER-12670878...

6.5CVSS5.7AI score0.00376EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/09/11 5:55 p.m.8 views

CVE-2025-58065 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods

Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...

6.5CVSS6.7AI score0.00376EPSS
Exploits0References4
CVE
CVE
added 2025/09/11 5:55 p.m.126 views

CVE-2025-58065

CVE-2025-58065 (Flask-AppBuilder) : Prior to v4.8.1, when using non-database authentication (OAuth/LDAP, etc.), the password reset endpoint remains registered and accessible even if not shown in the UI. This can let an enabled user reset their password and obtain JWTs, potentially bypassing deact...

6.5CVSS6.8AI score0.00376EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder