CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm•added 2024/04/18 12:0 a.m.•280 views

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 0.01 Revision 0 Summary: The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed by a...

Packet Storm•added 2024/04/18 12:0 a.m.•301 views

Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference

Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver. 4.00...

Packet Storm•added 2024/04/18 12:0 a.m.•288 views

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.5.179 Revision 904 1.5.56 Revision 884 1.229 Revision 440 Summary: ESE Elber Satellite Equipment product line, designed for the high-end radio contribution and...

Packet Storm•added 2024/04/18 12:0 a.m.•294 views

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.999 Revision 1243 1.317 Revision 602 1.220 Revision 1250 1.220 Revision 12481249 1.220 Revision 597 1.217 Revision 1242 1.214 Revision 1023 1.193 Revisi...

Patchstack•added 2024/04/17 2:15 p.m.•1 views

WordPress WP Ultimate Review plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Kyle Sanchez Patchstack Alliance in WordPress Plugin Wp Ultimate Review versions = 2.2.5...

7.5CVSS7AI score0.00464EPSS

Exploits0Affected Software1

Patchstack•added 2024/04/17 12:0 a.m.•16 views

WordPress Filebird Plugin <= 5.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software Filebird Type Plugin Vulnerable versions = 5.6.3 Fixed in 5.6.4 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-2346 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 800a2ac6f56e Credits Tim Coen Required...

5.4CVSS6.5AI score0.00308EPSS

Exploits0References3Affected Software1

WPVulnDB•added 2024/04/17 12:0 a.m.•13 views

EAN for WooCommerce < 4.9.3 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode

Description The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers...

4.3CVSS5.3AI score0.00375EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/04/17 12:0 a.m.•11 views

WordPress Wp Ultimate Review Plugin <= 2.2.5 is vulnerable to Insecure Direct Object References (IDOR)

Software Wp Ultimate Review Type Plugin Vulnerable versions = 2.2.5 Fixed in 2.3.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32683 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7b452df5fd16 Credits Kyle...

7.5CVSS6.5AI score0.00464EPSS

Exploits0References2Affected Software1

NVD•added 2024/04/16 4:15 p.m.•11 views

CVE-2023-50872

The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security...

7.5CVSS6.2AI score0.00357EPSS

Cvelist•added 2024/04/16 12:0 a.m.•12 views

CVE-2024-1626 IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...

9.1CVSS9.1AI score0.00479EPSS

Exploits1References2

Positive Technologies•added 2024/04/16 12:0 a.m.•4 views

PT-2024-13985 · Accredible · Accredible Credential.Net

Name of the Vulnerable Software and Affected Versions: Accredible Credential.net affected versions not specified Description: The API in Accredible Credential.net allows an Insecure Direct Object Reference attack, which discloses partial information about certificates and their respective holders...

7.5CVSS6.8AI score0.00357EPSS

Exploits0References9

CNNVD•added 2024/04/16 12:0 a.m.•2 views

Accredible 安全漏洞

Accredible is a world-leading digital credentialing platform from Accredible, Inc. that provides digital badges and digital certificates. Accredible has a security vulnerability that stems from allowing an insecure direct object reference attack that can lead to information disclosure...

7.5CVSS6.5AI score0.00357EPSS

Cvelist•added 2024/04/16 12:0 a.m.•17 views

CVE-2023-50872

6.4AI score0.00357EPSS

CVE•added 2024/04/16 12:0 a.m.•54 views

CVE-2023-50872

CVE-2023-50872 affects Accredible Credential.net API. The vulnerability is an Insecure Direct Object Reference that discloses partial information about certificates and their holders. According to the CVSS details, it is a NETWORK-based issue with low attack complexity, no privileges required, an...

7.5CVSS6.4AI score0.00357EPSS

Vulnrichment•added 2024/04/16 12:0 a.m.•12 views

CVE-2023-50872

6.8AI score0.00357EPSS