Lucene search
K

12098 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.6 views

RHCOS 3 : OpenShift Container Platform 3.9 (RHSA-2018:2013)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2013 advisory. - Routing: Malicous Service configuration can bring down routing for an entire shard. CVE-2018-1070 - openshift-ansible: Incorrectly...

10CVSS7.2AI score0.02237EPSS
Exploits0References65
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

RHCOS 3 : openshift (RHSA-2015:1650)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1650 advisory. - OpenShift3: Exec operations should be forbidden to privileged pods such as builder pods CVE-2015-5222 Note that Nessus has not tested for...

8.5CVSS5.8AI score0.0269EPSS
Exploits0References4
NVD
NVD
added 2026/05/02 9:16 a.m.7 views

CVE-2026-5324

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS0.00401EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/02 8:27 a.m.9 views

EUVD-2026-26764

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS6AI score0.00401EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/02 8:27 a.m.3 views

CVE-2026-5324

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS6AI score0.00401EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/02 8:27 a.m.6 views

CVE-2026-5324 Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS6AI score0.00401EPSS
Exploits0References8
CVE
CVE
added 2026/05/02 8:27 a.m.12 views

CVE-2026-5324

The Brizy – Page Builder for WordPress is vulnerable to unauthenticated stored XSS in versions up to 2.8.11, due to missing nonce verification for unauthenticated submissions, improper handling of FileUpload fields when no file is uploaded, and html_entity_decode() reversing stored encoding in ad...

7.2CVSS6AI score0.00401EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/02 8:27 a.m.31 views

CVE-2026-5324 Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS0.00401EPSS
Exploits0References8
NVD
NVD
added 2026/05/02 6:16 a.m.6 views

CVE-2026-7647

The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...

8.1CVSS0.00462EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/02 5:29 a.m.5 views

CVE-2026-7647 Profile Builder Pro <= 3.14.5 - Unauthenticated PHP Object Injection

The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...

8.1CVSS5.9AI score0.00462EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/02 5:29 a.m.33 views

CVE-2026-7647 Profile Builder Pro <= 3.14.5 - Unauthenticated PHP Object Injection

The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...

8.1CVSS0.00462EPSS
Exploits0References5
CVE
CVE
added 2026/05/02 5:29 a.m.14 views

CVE-2026-7647

Profile Builder Pro for WordPress (versions up to 3.14.5) is vulnerable to PHP Object Injection due to maybe_unserialize() on the attacker-controlled 'args' parameter in wppb_request_users_pins_action_callback(). The AJAX handler is registered for both authenticated and unauthenticated requests (...

8.1CVSS5.9AI score0.00462EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/02 5:29 a.m.10 views

EUVD-2026-26750

The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...

8.1CVSS5.9AI score0.00462EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/02 5:29 a.m.5 views

CVE-2026-7647

The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...

8.1CVSS5.9AI score0.00462EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/02 3:36 a.m.32 views

EUVD-2026-26732

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

5.3CVSS5.9AI score0.00306EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/02 3:36 a.m.5 views

CVE-2026-7638 App Builder <= 5.5.10 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Avatar Modification via 'user_id' Parameter

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

5.3CVSS5.9AI score0.00306EPSS
Exploits0References10
CVE
CVE
added 2026/05/02 3:36 a.m.9 views

CVE-2026-7638

CVE-2026-7638 details : The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress (WordPress plugin) is vulnerable to Insecure Direct Object Reference in all versions up to 5.6.0. The root cause is missing authorization validation in the upload_avatar() function, which...

5.3CVSS5.9AI score0.00306EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/05/02 3:36 a.m.34 views

CVE-2026-7638 App Builder <= 5.5.10 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Avatar Modification via 'user_id' Parameter

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

5.3CVSS0.00306EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/02 3:36 a.m.4 views

CVE-2026-7638

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

5.3CVSS5.9AI score0.00306EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.11 views

PT-2026-36563

Name of the Vulnerable Software and Affected Versions App Builder – Create Native Android & iOS Apps On The Flight versions prior to 5.6.1 Description An Insecure Direct Object Reference IDOR exists due to missing authorization validation in the upload avatar function. The...

5.3CVSS5.8AI score0.00306EPSS
Exploits0References17
Rows per page
Query Builder