Lucene search
K

658 matches found

EUVD
EUVD
added 2026/06/15 8:18 p.m.9 views

EUVD-2026-36847

Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.37 views

CVE-2026-40792 WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References IDOR in KiviCare = 4.2.1 versions...

6.3CVSS0.00249EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.13 views

CVE-2026-39518

The CVE pertains to WordPress EventPrime plugin versions

7.1CVSS5.2AI score0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49477

Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 4:16 p.m.14 views

CVE-2026-7787

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

8.1CVSS0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 2:41 p.m.9 views

CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

7.5CVSS5.5AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.20 views

IBM Langflow 安全漏洞

IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines IBM. Versions 1.0.0 to 1.9.1 of IBM Langflow contain security vulnerabilities. These vulnerabilities stem from insecure direct object references, which could allow...

8.1CVSS5.4AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.10 views

WordPress plugin BuddyPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.5AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

7.5CVSS5.5AI score0.00293EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Kiteworks 安全漏洞

Kiteworks is a secure private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow authenticated users to...

4.3CVSS5.4AI score0.00142EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Kiteworks 安全漏洞

Kiteworks is a secure private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow authenticated users to...

4.3CVSS5.4AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Kiteworks 安全漏洞

Kiteworks is a secure private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow authenticated users to...

6.5CVSS5.3AI score0.00174EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Kiteworks 安全漏洞

Kiteworks is a secure private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow authenticated users to...

5.4CVSS5.4AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

WordPress plugin Meta Field Block 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 5:16 a.m.13 views

CVE-2025-14481

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

4.3CVSS0.00288EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

WordPress plugin Yoast SEO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.9AI score0.00288EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier contain security vulnerabilities. These vulnerabilities stem from insecure direct object references in the Express-associated reorder dialog boxes, as well as incorrect...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

WordPress plugin Tutor LMS 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00304EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.6 views

Mk-Auth 安全漏洞

Mk-Auth is a Brazilian internet service provider management system developed by Mk-Auth company. It is used to control client access and permissions through a network interface panel. Version 23.01K4.9 of MK-Auth contains a security vulnerability caused by insecure direct object references. This...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 5:16 p.m.41 views

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

7.5CVSS0.00293EPSS
Exploits0References2
Rows per page
Query Builder