12119 matches found
PT-2026-51226
Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An information disclosure issue exists in the 'OPTIONS /build/upload/:jobId/' endpoint. Unauthenticated attackers can enumerate valid builder job IDs by observing response discrepancies. This allow...
CVE-2019-25763
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...
EUVD-2019-20199
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...
CVE-2019-25763
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...
CVE-2019-25763 WordPress Ultimate Addons for Beaver Builder 1.2.4.1 Authentication Bypass
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...
CVE-2019-25763
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability. An attacker can submit a POST to admin-ajax.php with the uabb-lf-google-submit action, a valid administrator email, and a valid nonce to obtain session cookies and authenticate as that user. CVSS...
CVE-2026-48908
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...
CVE-2026-48908
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...
EUVD-2026-38110
A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for unauthenticated users, ultimately resulting in PHP code upload and execution...
CVE-2026-48908 Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...
CVE-2026-48908 Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...
CVE-2026-48908
SP Page Builder for Joomla (joomshaper.com) is affected by CVE-2026-48908. Versions prior to 6.6.12 allow unauthenticated users to upload arbitrary files, enabling PHP code upload and execution. This vulnerability can impact confidentiality, integrity, and availability of the affected site. The C...
PT-2026-51135
Name of the Vulnerable Software and Affected Versions SP Page Builder extension for Joomla versions 1.0.0 through 6.6.1 Description A flaw allows unauthenticated users to upload arbitrary files, which can lead to the upload and execution of PHP code. This issue has been actively exploited in...
PT-2026-51139
Name of the Vulnerable Software and Affected Versions WordPress Ultimate Addons for Beaver Builder version 1.2.4.1 Description An authentication bypass exists in the social media login form functionality. Attackers can gain unauthorized access by submitting a POST request to the 'admin-ajax.php'...
Astra Linux – Vulnerability in docker.io-app
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is vulnerable to cache poisoning if the image is built FROM scratch. Additionally, changes to certain instructions—especially HEALTHCHECK and ONBUILD—do not trigger cache...
Astra Linux – Vulnerability in docker.io-app
Moby v25.0.5 is affected by a race condition in the builder/builder-next/adapters/snapshot/layer.go file. This vulnerability could be exploited to trigger concurrent builds that invoke the EnsureLayer function, leading to resource leaks or exhaustion...
CVE-2026-8118
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...
CVE-2026-8713
The Avada Fusion Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maybedeletefiles function in all versions up to, and including, 3.15.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...
EUVD-2026-37987
The Avada Fusion Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maybedeletefiles function in all versions up to, and including, 3.15.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...
CVE-2026-8713
The CVE-2026-8713 vulnerability affects Avada (Fusion) Builder for WordPress up to version 3.15.3, where the maybe_delete_files() path handling allows path traversal to delete files (e.g., wp-config.php) via a form entry value. An unauthenticated attacker can submit a crafted payload through the ...