158 matches found
PT-2026-26834
Name of the Vulnerable Software and Affected Versions App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress versions prior to 5.5.11 Description The software contains a flaw that allows unauthorized privilege escalation. The verify role function in AuthTrails.php...
CVE-2025-13029
The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users...
WordPress Knowband Mobile App Builder for wooCommerce plugin < 3.0.0 - Unauthenticated Arbitrary User Deletion vulnerability
Unauthenticated Arbitrary User Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Knowband Mobile App Builder versions 3.0.0...
CVE-2025-13029 Knowband Mobile App Builder for wooCommerce < 3.0.0 – Unauthenticated Arbitrary User Deletion
The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users...
CVE-2025-13029
CVE-2025-13029 concerns the Knowband Mobile App Builder for WordPress (WooCommerce) before version 3.0.0. The issue is a lack of authorization on the REST API endpoint used to delete users, allowing unauthenticated attackers to delete arbitrary users. Publicly disclosed details across multiple co...
CVE-2025-13029 Knowband Mobile App Builder for wooCommerce < 3.0.0 – Unauthenticated Arbitrary User Deletion
The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users...
WordPress plugin Knowband Mobile App Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-67712 HTML injection issue in ArcGIS Web App Builder
There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...
EUVD-2024-49847
Malicious code in bioql PyPI...
EUVD-2024-44940
Malicious code in bioql PyPI...
EUVD-2023-53685
Malicious code in bioql PyPI...
EUVD-2024-29178
Malicious code in bioql PyPI...
EUVD-2024-48537
Malicious code in bioql PyPI...
EUVD-2023-1643
Malicious code in bioql PyPI...
EUVD-2025-28342
Malicious code in bioql PyPI...
EUVD-2024-44941
Malicious code in bioql PyPI...
EUVD-2024-30367
Malicious code in bioql PyPI...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +133 more potentially affected by CVE-2025-58065 via flask-appbuilder (>=4.1.2 <=4.6.3)
flask-appbuilder PYPI version =4.1.2, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.2.1, =0.4.0, =0.1.0a1, =0.8.2, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2025-58065 Source advisory: SNYK:PYTHON-FLASKAPPBUILDER-12670878...
CVE-2025-58065 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...
CVE-2025-58065
CVE-2025-58065 (Flask-AppBuilder) : Prior to v4.8.1, when using non-database authentication (OAuth/LDAP, etc.), the password reset endpoint remains registered and accessible even if not shown in the UI. This can let an enabled user reset their password and obtain JWTs, potentially bypassing deact...