Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

11985 matches found

CVE
CVEadded 2026/05/27 4:58 p.m.13 views

CVE-2026-48150

Budibase CVE-2026-48150 describes a privilege-escalation flaw in the /api/public/v1/roles/assign endpoint prior to 3.39.0. The builderOrAdmin middleware trusts the x-budibase-app-id header to identify the app’s builder, and then the controller propagates the request body to the SDK, which can gra...

9CVSS5.8AI score0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/27 4:52 p.m.7 views

CVE-2026-48153

Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no...

8.5CVSS5.8AI score0.00174EPSS
Exploits0References2Affected Software1
NVD
NVDadded 2026/05/27 11:16 a.m.12 views

CVE-2026-42747

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...

9.3CVSS0.00236EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/27 9:49 a.m.27 views

CVE-2026-42747 WordPress Easy Form Builder plugin <= 4.0.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...

9.3CVSS0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/27 9:49 a.m.6 views

CVE-2026-42747 WordPress Easy Form Builder plugin <= 4.0.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/27 9:49 a.m.7 views

EUVD-2026-32196

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/27 9:49 a.m.7 views

CVE-2026-42747

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References2
CVE
CVEadded 2026/05/27 9:49 a.m.15 views

CVE-2026-42747

CVE-2026-42747 describes a Blind SQL Injection in the WordPress plugin Easy Form Builder (hassantafreshi) up to version 4.0.6. The issue is due to improper neutralization of special elements in SQL commands, enabling an attacker to exploit it without user interaction. Impact is stated as high con...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
Patchstack
Patchstackadded 2026/05/27 9:13 a.m.6 views

WordPress WPBakery Page Builder Addons by Livemesh plugin <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/05/27 9:13 a.m.6 views

WordPress Livemesh Addons for Beaver Builder plugin <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for Beaver Builder versions = 3.9.2...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2026/05/27 8:16 a.m.12 views

CVE-2026-3897

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS0.00223EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/27 6:46 a.m.27 views

CVE-2026-3895 WPBakery Page Builder Addons by Livemesh <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcaadminajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce b...

6.4CVSS0.00223EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/27 6:46 a.m.26 views

CVE-2026-3897 Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Missing Authorization

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS0.00223EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/27 6:46 a.m.7 views

EUVD-2026-32101

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/27 6:46 a.m.6 views

CVE-2026-3897

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References5
CVE
CVEadded 2026/05/27 6:46 a.m.18 views

CVE-2026-3897

The CVE-2026-3897 entry describes a Stored XSS in the Livemesh Addons for Beaver Builder WordPress plugin, via the labb_admin_ajax action. Affected versions are all up to 3.9.2. Root cause is missing authorization checks despite nonce verification, enabling authenticated Subscriber+ users to modi...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/27 4:29 a.m.5 views

CVE-2026-6287

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockUniqId' block attribute in multiple Product Gride blocks in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escapin...

5.4CVSS6AI score0.00146EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.7 views

PT-2026-43656

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.7 views

PT-2026-44057

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description The OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses a raw fetchconfig.url call without Server-Side Request Forgery SSRF protection. SSRF is a flaw that allows ...

7.7CVSS5.8AI score0.00217EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.6 views

PT-2026-44059

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.35.3 Description The VectorDB configuration endpoint accepts a host parameter that lacks validation against internal IP ranges, reserved hostnames, or URL schemes. This allows an authenticated user with builder-lev...

5.3CVSS5.9AI score0.00226EPSS
Exploits0References5
Rows per page
Query Builder