CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:34 p.m.•6 views

CVE-2026-1541

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

4.3CVSS5.4AI score0.00269EPSS

EUVD•added 2026/05/21 4:28 a.m.•19 views

EUVD-2026-31211

CVE•added 2026/05/21 4:28 a.m.•23 views

CVE-2026-1543

CVE-2026-1543 concerns the Avada (Fusion) Builder WordPress plugin. All versions up to and including 3.15.2 are affected by a Stored Cross-Site Scripting (XSS) flaw due to insufficient input sanitization and output escaping. The vulnerability can be exploited by an authenticated attacker with Sub...

ATTACKERKB•added 2026/05/21 4:28 a.m.•12 views

CVE-2026-1543

Positive Technologies•added 2026/05/21 12:0 a.m.•12 views

PT-2026-42394

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: qcom: q6apm: moving component registration to an unmanaged version The q6apm component registers dynamic data from ASoC toplology, which are allocated using device-managed API functions. Assigning both components and...

7.8CVSS5.3AI score0.00126EPSS

EUVD•added 2026/04/22 9:31 p.m.•4 views

EUVD-2026-22820

The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's outputactionhook function accepting user-controlled input to trigger any registered WordPress action hook without proper...

5.4CVSS6.1AI score0.0031EPSS

EUVD•added 2026/04/22 9:31 p.m.•5 views

EUVD-2026-22822

RedhatCVE•added 2026/04/16 7:22 p.m.•4 views

CVE-2026-39424

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...

5.3CVSS5.8AI score0.00368EPSS

ATTACKERKB•added 2026/04/15 1:25 a.m.•3 views

CVE-2026-1509

5.4CVSS6.1AI score0.0031EPSS

Cvelist•added 2026/04/15 1:25 a.m.•30 views

CVE-2026-1509 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution

5.4CVSS0.0031EPSS

Vulnrichment•added 2026/04/15 1:25 a.m.•5 views

CVE-2026-1509 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution

5.4CVSS6.1AI score0.0031EPSS

Vulnrichment•added 2026/04/15 1:25 a.m.•2 views

CVE-2026-1541 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference

ATTACKERKB•added 2026/04/15 1:25 a.m.•4 views

Exploits0References2

CVE-2026-1541

CVE•added 2026/04/15 1:25 a.m.•8 views

CVE-2026-1541

The CVE concerns the Avada (Fusion) Builder WordPress plugin, affected up to version 3.15.1. The root cause is that fusion_get_post_custom_field() does not validate whether metadata keys are underscore-prefixed, enabling authenticated users with Subscriber-level access and above to expose protect...

Positive Technologies•added 2026/04/15 12:0 a.m.•5 views

Exploits0References2

PT-2026-32995

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusion get post custom field function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...