Lucene search
+L

44162 matches found

nvd
nvd
added 3 hours ago6 views

CVE-2026-14956

The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.1.8.6. This is due to improper validation of the fieldIds parameter in the Pro Forms registration action, which allows attacker-supplied field IDs to be added to the trusted form-fie...

9.8CVSS
Exploits0References2
cve
cve
added 4 hours ago10 views

CVE-2026-14956

The Bricksforge WordPress plugin is affected up to version 3.1.8.6, with a vulnerability in the Pro Forms registration action. The root cause is improper validation of the fieldIds parameter, allowing attacker-supplied field IDs to be added to the trusted form-field whitelist. This enables unauth...

9.8CVSS5.9AI score
Exploits0References2
attackerkb
attackerkb
added 4 hours ago4 views

CVE-2026-14956

The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.1.8.6. This is due to improper validation of the fieldIds parameter in the Pro Forms registration action, which allows attacker-supplied field IDs to be added to the trusted form-fie...

9.8CVSS5.9AI score
Exploits0References3
cvelist
cvelist
added 4 hours ago5 views

CVE-2026-14956 Bricksforge <= 3.1.8.6 - Unauthenticated Privilege Escalation via Pro Forms fieldIds Parameter

The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.1.8.6. This is due to improper validation of the fieldIds parameter in the Pro Forms registration action, which allows attacker-supplied field IDs to be added to the trusted form-fie...

9.8CVSS
Exploits0References2
euvd
euvd
added 4 hours ago3 views

EUVD-2026-45123

The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.1.8.6. This is due to improper validation of the fieldIds parameter in the Pro Forms registration action, which allows attacker-supplied field IDs to be added to the trusted form-fie...

9.8CVSS5.9AI score
Exploits0References2
ptsecurity
ptsecurity
added 6 hours ago5 views

PT-2026-60679

The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.1.8.6. This is due to improper validation of the fieldIds parameter in the Pro Forms registration action, which allows attacker-supplied field IDs to be added to the trusted form-fie...

9.8CVSS5.9AI score
Exploits0References3
wordfence
wordfence
added yesterday7 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 6, 2026 to July 12, 2026)

Last week, there were 267 vulnerabilities disclosed in 222 WordPress Plugins and 6 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 136 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6.3AI score
Exploits0
githubexploit
githubexploit
added yesterday20 views

Exploit for CVE-2024-25600

BricksRCE Exploiter CVE-2024-25600 — WordPress Bricks Bui...

10CVSS7.5AI score0.88234EPSS
Exploits19
github
github
added yesterday6 views

Nuclio: Unsanitized runtimeAttributes.repositories injected into Groovy build.gradle leads to build-time RCE

Summary Nuclio's Java runtime generates a build.gradle file during function builds using Go's text/template package. The template renders runtimeAttributes.repositories values with the . action, which performs no escaping. An attacker can embed a closing brace to break out of the repositories blo...

6.5AI score
Exploits0References5Affected Software1
osv
osv
added yesterday4 views

GHSA-3V79-M2CG-89WW Nuclio: Unsanitized runtimeAttributes.repositories injected into Groovy build.gradle leads to build-time RCE

Summary Nuclio's Java runtime generates a build.gradle file during function builds using Go's text/template package. The template renders runtimeAttributes.repositories values with the . action, which performs no escaping. An attacker can embed a closing brace to break out of the repositories blo...

8CVSS6.5AI score
Exploits0References5
nvd
nvd
added yesterday7 views

CVE-2026-57073

HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read. Note that t...

Exploits0References4
nvd
nvd
added yesterday8 views

CVE-2026-57074

XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read...

Exploits0References3
euvd
euvd
added yesterday4 views

EUVD-2026-44966

XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read...

6.1AI score
Exploits0References2
cve
cve
added yesterday3 views

CVE-2026-57074

XML::Bare for Perl versions up to 0.53 contains an unbounded character lookahead in parserc_parse, which checks for multicharacter strings such as without verifying buffer offsets. This can trigger an out-of-bounds read on truncated strings such as

6.1AI score
Exploits0References3
cvelist
cvelist
added yesterday14 views

CVE-2026-57074 XML::Bare versions through 0.53 for Perl have an unbounded character lookahead

XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read...

Exploits0References2
cvelist
cvelist
added yesterday11 views

CVE-2026-57073 HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead

HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read. Note that t...

Exploits0References3
euvd
euvd
added yesterday5 views

EUVD-2026-44965

HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read. Note that t...

6.1AI score
Exploits0References3
cve
cve
added yesterday4 views

CVE-2026-57073

HTML::Bare on Perl is affected up to version 0.04. The vulnerability arises in parserc_parse, which checks for multicharacter strings (e.g., ) without ensuring offsets stay within the input buffer, allowing truncation like "

6.1AI score
Exploits0References4
thn
thn
added yesterday6 views

New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

Ask an AI agent to summarize the reviews on a product page, and a single planted review can make it click "Buy Now" instead. Ask a coding assistant to apply a maintainer's fix from a GitHub thread, and a fake comment can make it run a stranger's command on your computer. Neither trick hijacks the...

9.3CVSS6.1AI score0.05776EPSS
Exploits1
talosblog
talosblog
added yesterday5 views

The Hunter's Paradox: Is it time to embrace automated threat hunting?

Should we let AI run our threat hunts? The debate usually splits into two camps. One says, "Yes, obviously! The sheer scale of our security telemetry is impossible for humans to deal with." The other says, "Absolutely not! You can't trust an AI with something this important." The thing is, I thin...

6.3AI score
Exploits0
Rows per page
Query Builder