CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

Cvelist•added 2026/05/08 9:26 p.m.•28 views

CVE-2026-42205 Avo: Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across Resources

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of...

8.8CVSS0.00044EPSS

Exploits0References2

EUVD•added 2026/04/22 9:31 p.m.•2 views

EUVD-2026-22820

The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's outputactionhook function accepting user-controlled input to trigger any registered WordPress action hook without proper...

5.4CVSS6.1AI score0.00017EPSS

Exploits0References4

Cvelist•added 2026/04/15 1:25 a.m.•26 views

CVE-2026-1509 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution

5.4CVSS0.00017EPSS

Exploits0References3

CVE•added 2026/04/15 1:25 a.m.•3 views

CVE-2026-1509

The CVE concerns the Avada (Fusion) Builder plugin for WordPress, affected in all versions up to 3.15.1. The root cause is the output_action_hook() function accepting user-controlled input to trigger any registered WordPress action hook without proper authorization checks, allowing authenticated ...

5.4CVSS6.1AI score0.00017EPSS

Exploits0References3

Vulnrichment•added 2026/04/15 1:25 a.m.•3 views

CVE-2026-1509 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution

5.4CVSS6.1AI score0.00017EPSS

Exploits0References3

Positive Technologies•added 2026/04/15 12:0 a.m.•3 views

PT-2026-32994

The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's output action hook function accepting user-controlled input to trigger any registered WordPress action hook without proper...

5.4CVSS6.1AI score0.00017EPSS

Exploits0References3

Patchstack•added 2025/03/18 9:44 p.m.•3 views

WordPress CozyStay theme <= 1.7.0 - Missing Authorization to Arbitrary Action Execution in ajax_handler vulnerability

Missing Authorization to Arbitrary Action Execution in ajaxhandler vulnerability discovered by Lucio Sá in WordPress Theme CozyStay versions = 1.7.0...

7.5CVSS8.9AI score0.00237EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by