CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/21 12:0 a.m.•4 views

EUVD-2025-35199

4.3CVSS6.2AI score0.00232EPSS

Exploits0References6

CVE•added 2025/10/21 12:0 a.m.•14 views

CVE-2025-60511

The CVE-2025-60511 instance affects Moodle OpenAI Chat Block plugin 3.0.1, with an Insecure Direct Object Reference (IDOR) due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user’s block (e.g., admini...

4.3CVSS6.4AI score0.00232EPSS

Cvelist•added 2025/10/20 2:36 p.m.•11 views

CVE-2025-8884 IDOR in VHS Electronic Software's ACE Center

Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co. ACE Center allows Privilege Abuse, Exploitation of Trusted Identifiers. This issue affects ACE Center: from 3.10.100.1768 before 3.10.161.2255...

5.5CVSS0.00156EPSS

Positive Technologies•added 2025/10/20 12:0 a.m.•3 views

PT-2025-42792

Name of the Vulnerable Software and Affected Versions FileRise versions prior to 1.4.0 Description FileRise is a self-hosted web-based file manager. A flaw in file/folder handling allows low-privilege users to perform unauthorized operations view, delete, modify on files created by other users...

8.1CVSS6.3AI score0.00279EPSS

Exploits0References10

RedhatCVE•added 2025/10/19 6:43 a.m.•15 views

CVE-2025-11519

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/moveimage REST API endpoint due to missing validation on a user...

4.3CVSS5.7AI score0.00304EPSS

Exploits0References1

EUVD•added 2025/10/18 9:30 a.m.•3 views

EUVD-2025-34975

4.3CVSS5.2AI score0.00304EPSS

NVD•added 2025/10/18 7:15 a.m.•5 views

CVE-2025-11519

4.3CVSS0.00304EPSS

Vulnrichment•added 2025/10/18 6:42 a.m.•7 views

CVE-2025-11519 Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload

4.3CVSS5.3AI score0.00304EPSS

CVE•added 2025/10/18 6:42 a.m.•15 views

CVE-2025-11519

The CVE concerns the Optimole WordPress plugin (image optimization service) up to version 4.1.0, where an Insecure Direct Object Reference exists through the /wp-json/optml/v1/move_image REST endpoint due to missing validation of a user-controlled key. This allows authenticated attackers with Aut...

4.3CVSS5.3AI score0.00304EPSS

Vulnrichment•added 2025/10/18 6:42 a.m.•3 views

CVE-2025-11741 WPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosqquickview' AJAX endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...

5.3CVSS5.8AI score0.00306EPSS

Cvelist•added 2025/10/18 6:42 a.m.•9 views

CVE-2025-11741 WPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure

5.3CVSS0.00306EPSS

Patchstack•added 2025/10/18 1:17 a.m.•6 views

WordPress WPC Smart Quick View for WooCommerce plugin <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure vulnerability

Insecure Direct Object Reference to Unauthenticated Private Product Exposure vulnerability discovered by Lucas Montes Nirox in WordPress Plugin WPC Smart Quick View for WooCommerce versions = 4.2.5...

5.3CVSS6.9AI score0.00306EPSS

Exploits0References1Affected Software1

CNNVD•added 2025/10/18 12:0 a.m.•3 views

WordPress plugin Optimole 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.6AI score0.00304EPSS

RedhatCVE•added 2025/10/17 3:52 p.m.•10 views

CVE-2025-9559

Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object Reference issue in a user interface component that can only be used to read data...

6.5CVSS6.8AI score0.00367EPSS

Exploits1References1

NVD•added 2025/10/17 10:15 a.m.•2 views

CVE-2025-11895

The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 5.0. This is due to the bmpuserpayoutdetailofcurrentuser function selecting payout records solely by id without verifying ownership. This makes it possible for authenticate...

4.3CVSS0.00249EPSS

Cvelist•added 2025/10/17 9:26 a.m.•8 views

CVE-2025-11895 Binary MLM Plan <= 5.0 - Authenticated (Subscriber+) Insecure Direct Object Reference

4.3CVSS0.00249EPSS

EUVD•added 2025/10/17 9:26 a.m.•3 views

EUVD-2025-34875

The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 3.0. This is due to the bmpuserpayoutdetailofcurrentuser function selecting payout records solely by id without verifying ownership. This makes it possible for authenticate...

4.3CVSS5.3AI score0.00249EPSS

Vulnrichment•added 2025/10/17 9:26 a.m.•3 views

CVE-2025-11895 Binary MLM Plan <= 5.0 - Authenticated (Subscriber+) Insecure Direct Object Reference

4.3CVSS5.8AI score0.00249EPSS

CVE•added 2025/10/17 9:26 a.m.•14 views

CVE-2025-11895

The CVE-2025-11895 vulnerability affects Binary MLM Plan (WordPress) versions

4.3CVSS5.9AI score0.00249EPSS