Lucene search
K

8 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-12433

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS0.00435EPSS
Exploits0References10
OSV
OSV
added 2026/06/24 7:24 p.m.4 views

CVE-2026-27708 FOSSBilling: IDOR in Servicecustom Client API allows cross-client data access

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's call method accepts an orderid parameter and fetches the associated order without verifying the authenticated client owns it, potentially exposing cross-client data...

7.1CVSS5.9AI score0.00265EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-45062

Summary Type: Insecure Direct Object Reference. The GET /workspaces/workspace id/issues/issue id/activity endpoint is gated by require workspace memberworkspace id and dispatches to ActivityService.list for issueissue id, which executes SELECT FROM activity WHERE issue id = :issue id with no...

6.5CVSS5.8AI score0.00032EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/28 7:45 p.m.9 views

CVE-2026-25147

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

7.1CVSS5.9AI score0.0022EPSS
Exploits1References1
CVE
CVE
added 2026/02/26 10:0 p.m.26 views

CVE-2026-27835

Issue summary. CVE-2026-27835 affects wger (versions up to 2.4). The vulnerable components are RepetitionsConfigViewSet and MaxRepetitionsConfigViewSet, whose get_queryset() returns all objects (using .all()) instead of filtering by the authenticated user, enabling an authenticated user to enumer...

4.3CVSS5.3AI score0.00257EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/01/30 12:0 a.m.4 views

WordPress plugin WooCommerce Wishlist 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

7.5CVSS8.8AI score0.00571EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/11/09 8:15 p.m.2 views

CVE-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

6.5CVSS5.8AI score0.0051EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/04/18 3:15 p.m.4 views

CVE-2022-26665

An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records...

7.5CVSS7.1AI score0.01849EPSS
Exploits1References6
Rows per page
Query Builder