Lucene search
K

12113 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-1829

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

8.8CVSS6AI score0.00682EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.7 views

CVE-2026-9065

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

9.3CVSS5.8AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45716

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

8.8CVSS5.6AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.8 views

CVE-2026-45715

Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration packages/server/src/integrations/rest.ts follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services cloud metadata, databases by redirecti...

7.7CVSS5.4AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-6279

The Avada Builder fusion-builder plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the wpconditionaltags case in FusionBuilderConditionalRenderHelper::getvalue passing attacker-controlled...

9.8CVSS6.2AI score0.02163EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42747

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...

9.3CVSS5.6AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.8 views

CVE-2026-28445

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...

8.7CVSS5.7AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.9 views

CVE-2026-4798

The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS5.7AI score0.00511EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.8 views

CVE-2026-48150

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

9CVSS5.5AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.9 views

CVE-2026-8206

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. Thi...

9.8CVSS5.5AI score0.0126EPSS
Exploits4References1
OSV
OSV
added 2026/06/05 12:4 p.m.17 views

RLSA-2026:22937 Important: image-builder security update

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls CVE-2025-68121...

9.1CVSS6.7AI score0.01945EPSS
Exploits2References9
Rockylinux
Rockylinux
added 2026/06/05 12:4 p.m.25 views

image-builder security update

An update is available for image-builder. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A local binary for building customized OS artifacts such as VM images...

10CVSS6.7AI score0.01945EPSS
Exploits2
Rockylinux
Rockylinux
added 2026/06/05 12:3 p.m.23 views

image-builder security update

An update is available for image-builder. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A local binary for building customized OS artifacts such as VM images a...

10CVSS6.7AI score0.01945EPSS
Exploits2
OSV
OSV
added 2026/06/05 12:3 p.m.14 views

RLSA-2026:23228 Important: image-builder security update

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls CVE-2025-68121...

9.1CVSS6.7AI score0.01945EPSS
Exploits2References9
OSV
OSV
added 2026/06/05 10:6 a.m.8 views

RHSA-2026:23228 Red Hat Security Advisory: image-builder security update

Bulletin has no description...

9.1CVSS6.5AI score0.01945EPSS
Exploits2References61
Fedora
Fedora
added 2026/06/05 4:26 a.m.11 views

[SECURITY] Fedora 44 Update: perl-ExtUtils-Builder-0.020-1.fc44

Writing extensions for various build tools can be a daunting task. This module tries to abstract steps of build processes into reusable building blocks for creating platform and build system agnostic executable descriptions of work...

5.3CVSS5.8AI score0.00327EPSS
Exploits0
Fedora
Fedora
added 2026/06/05 4:26 a.m.11 views

[SECURITY] Fedora 44 Update: perl-ExtUtils-Builder-Compiler-0.036-1.fc44

This is an interface wrapping around different compilers. It's usually not used directly but by a portability layer like ExtUtils::Builder::Autodetect::C...

5.3CVSS5.8AI score0.00327EPSS
Exploits0
Fedora
Fedora
added 2026/06/05 4:9 a.m.12 views

[SECURITY] Fedora 43 Update: perl-ExtUtils-Builder-0.020-1.fc43

Writing extensions for various build tools can be a daunting task. This module tries to abstract steps of build processes into reusable building blocks for creating platform and build system agnostic executable descriptions of work...

5.3CVSS5.8AI score0.00327EPSS
Exploits0
Fedora
Fedora
added 2026/06/05 4:9 a.m.12 views

[SECURITY] Fedora 43 Update: perl-ExtUtils-Builder-Compiler-0.036-1.fc43

This is an interface wrapping around different compilers. It's usually not used directly but by a portability layer like ExtUtils::Builder::Autodetect::C...

5.3CVSS5.8AI score0.00327EPSS
Exploits0
Patchstack
Patchstack
added 2026/06/05 4:6 a.m.12 views

WordPress Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns plugin <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery vulnerability

WordPress Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns plugin = 6.1.3 - Authenticated Author+ Server-Side Request Forgery vulnerability discovered by Shambles in WordPress Plugin Essential Blocks for Gutenberg versions = 6.1.3...

7.2CVSS5.8AI score0.00213EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder