CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-16404

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00397EPSS

Exploits0References2

NVD•added 2025/05/29 7:15 p.m.•25 views

CVE-2025-48336

Deserialization of Untrusted Data vulnerability in ThimPress Course Builder course-builder allows Object Injection.This issue affects Course Builder: from n/a through 3.6.6...

9.8CVSS0.00397EPSS

Exploits0References1

Cvelist•added 2025/05/29 6:54 p.m.•22 views

CVE-2025-48336 WordPress Course Builder < 3.6.6 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in ThimPress Course Builder course-builder allows Object Injection.This issue affects Course Builder: from n/a through 3.6.6...

9.8CVSS0.00397EPSS

Exploits0References1

Vulnrichment•added 2025/05/29 6:54 p.m.•7 views

CVE-2025-48336 WordPress Course Builder < 3.6.6 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in ThimPress Course Builder course-builder allows Object Injection.This issue affects Course Builder: from n/a through 3.6.6...

9.8CVSS8.6AI score0.00397EPSS

Exploits0References1

CVE•added 2025/05/29 6:54 p.m.•53 views

CVE-2025-48336

The provided data confirms CVE-2025-48336 affects the WordPress theme Course Builder (ThimPress Course Builder) with a Deserialization of Untrusted Data vulnerability that enables PHP Object Injection in versions prior to 3.6.6. Root cause: untrusted data deserialization leading to object injecti...

9.8CVSS7.2AI score0.00397EPSS

Exploits0References1

Patchstack•added 2025/05/29 10:56 a.m.•6 views

WordPress Course Builder < 3.6.6 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Cút lộn xào me Patchstack Alliance in WordPress Theme Course Builder versions 3.6.6...

9.8CVSS7.2AI score0.00397EPSS

Exploits0Affected Software1

CNNVD•added 2025/05/29 12:0 a.m.•3 views

course-builder 代码问题漏洞

course-builder is an open source application from Overdrive Eletrônica. A code issue vulnerability exists in course-builder versions prior to 3.6.6 that stems from deserializing untrusted data, which could lead to object injection...

9.8CVSS9AI score0.00397EPSS

Exploits0References1

Positive Technologies•added 2025/05/29 12:0 a.m.•4 views

PT-2025-23196 · Thimpress · Thimpress Course Builder

Name of the Vulnerable Software and Affected Versions: ThimPress Course Builder versions prior to 3.6.6 Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. This can be exploited due to the deserialization of untrusted data, potentially leading to...

9.8CVSS9.4AI score0.00397EPSS

Exploits0References7

Patchstack•added 2025/05/29 12:0 a.m.•12 views

WordPress Course Builder Theme < 3.6.6 is vulnerable to PHP Object Injection

Software Course Builder Type Theme Vulnerable versions 3.6.6 Fixed in 3.6.6 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-48336 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 330f3e0387ca Credits Annn Required privilege Unauthenticated...

9.8CVSS9.6AI score0.00397EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/10/29 5:32 a.m.•31 views

CVE-2024-10000 Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Stored Cross-Site Scripting via Ask a Question Functionality

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS0.00257EPSS

Exploits0References2

NVD•added 2023/01/15 6:15 p.m.•21 views

CVE-2015-10049

A vulnerability was found in Overdrive Eletrônica course-builder up to 1.7.x and classified as problematic. Affected by this issue is some unknown functionality of the file coursebuilder/modules/oeditor/oeditor.html. The manipulation leads to cross site scripting. The attack may be launched...

6.1CVSS4.5AI score0.00536EPSS

Exploits0References4

Prion•added 2023/01/15 6:15 p.m.•15 views

Cross site scripting

5.8CVSS6.5AI score0.00536EPSS

Exploits0References4Affected Software1

CVE•added 2023/01/15 5:58 p.m.•47 views

CVE-2015-10049

The CVE-2015-10049 entry describes a Cross-Site Scripting vulnerability in Overdrive Eletrônica course-builder, affecting versions up to 1.7.x. The issue involves unknown functionality in the file coursebuilder/modules/oeditor/oeditor.html being manipulated to trigger XSS, with remote exploit via...

6.1CVSS4.8AI score0.00536EPSS

Exploits0References4Affected Software1

Cvelist•added 2023/01/15 5:58 p.m.•27 views

CVE-2015-10049 Overdrive Eletrônica course-builder oeditor.html cross site scripting

4CVSS6.1AI score0.00536EPSS

Exploits0References4

Positive Technologies•added 2023/01/15 12:0 a.m.•3 views

PT-2023-10228 · Overdrive Eletrônica · Course-Builder

Name of the Vulnerable Software and Affected Versions: Overdrive Eletrônica course-builder versions up to 1.7.x Description: A vulnerability was found in the course-builder, classified as problematic, affecting some unknown functionality of the file coursebuilder/modules/oeditor/oeditor.html. The...

6.1CVSS4.2AI score0.00536EPSS

Exploits0References7

CNNVD•added 2023/01/15 12:0 a.m.•2 views

Overdrive Eletrônica course-builder 跨站脚本漏洞

course-builder is an open source application from Overdrive Eletrônica. A cross-site scripting vulnerability exists in Overdrive Eletrônica course-builder versions prior to 1.8.0, which stems from some unknown functionality in the file coursebuilder/modules/oeditor/oeditor.html, which is...

6.1CVSS4.1AI score0.00536EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by