Lucene search
K

1615 matches found

RedhatCVE
RedhatCVE
added 2026/04/16 7:22 p.m.6 views

CVE-2026-40729

Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...

4.3CVSS5.8AI score0.00141EPSS
Exploits0References1
NVD
NVD
added 2026/04/15 11:16 a.m.4 views

CVE-2026-40729

Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...

4.3CVSS0.00141EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 10:21 a.m.5 views

CVE-2026-40729

Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...

5.8AI score0.00141EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/15 10:21 a.m.4 views

CVE-2026-40729 WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...

5.8AI score0.00141EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 10:21 a.m.9 views

CVE-2026-40729

CVE-2026-40729 affects the WordPress plugin “bPlugins 3D viewer – Embed 3D Models” 1.8.5) as recommended by PT-2026-33040. No exploitation details are present in the connected documents beyond the general vulnerability description. Monitor for updates and vendor advisories for any confirmed expl...

4.3CVSS5.8AI score0.00141EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/15 10:21 a.m.28 views

CVE-2026-40729 WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...

4.3CVSS0.00141EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.7 views

PT-2026-33040

Name of the Vulnerable Software and Affected Versions bPlugins 3D viewer – Embed 3D Models versions prior to 1.8.6 Description Incorrectly configured access control security levels lead to a missing authorization issue, allowing for the exploitation of security levels. Recommendations Update to a...

4.3CVSS5.8AI score0.00141EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

WordPress plugin 3D viewer – Embed 3D Models 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.8AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/10 7:23 p.m.4 views

CVE-2026-39485

Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through = 14.2.4...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/09 9:31 p.m.5 views

Improper Certificate Validation

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Certificate Validation in getSSLHostConfig, which does not sufficiently account for all protocol host name inputs. An attacker can access sensitive...

9.1CVSS6.7AI score0.00307EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 9:0 p.m.6 views

HTTP Request Smuggling

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to HTTP Request Smuggling in ChunkedInputFilter, when handling HTTP/1.1 requests with invalid chunk extensions. An attacker can interfere with the interpretation of...

8.2CVSS5.8AI score0.00453EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 9:0 p.m.3 views

Open Redirect

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Open Redirect via the LoadBalancerDrainingValve.invoke function. When the LoadBalancerDrainingValve is in the disabled draining state, an attacker can redirect...

6.1CVSS5.8AI score0.00526EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 9:0 p.m.6 views

Improper Encoding or Escaping of Output

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in JsonAccessLogValve, which relies on an unescaped append in generating JSON logs. If non-default values are used for th...

7.5CVSS5.8AI score0.00461EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 9:0 p.m.2 views

Use of a Broken or Risky Cryptographic Algorithm

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm which may arise due to improper preservation of the configured cipher preference order. An attacker who can...

8.2CVSS5.8AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 9:0 p.m.4 views

Improper Authentication

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Authentication in processOCSPRequest, which is part of the the CLIENTCERT authentication process. An attacker can trigger a soft-fail of OCSP checks whe...

9.1CVSS5.8AI score0.00715EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/08 9:31 a.m.5 views

EUVD-2026-20153

Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through = 14.2.4...

5.9AI score0.00197EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.5 views

CVE-2026-39485

Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through = 14.2.4...

4.3CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39485 WordPress Youtube Embed Plus plugin <= 14.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through = 14.2.4...

5.8AI score0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39485

Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through = 14.2.4...

5.9AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 8:30 a.m.8 views

CVE-2026-39485

CVE-2026-39485 concerns the WordPress plugin Youtube Embed Plus (wordpress-youtube-embed-plus) with versions

4.3CVSS5.9AI score0.00197EPSS
Exploits0References1
Rows per page
Query Builder