Lucene search
K

3470 matches found

NVD
NVD
added 2024/08/27 4:15 p.m.18 views

CVE-2024-40395

An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...

6.5CVSS0.00622EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/27 12:0 a.m.3 views

PTC ThingWorx 安全漏洞

PTC ThingWorx is a complete end-to-end technology platform designed for the Industrial Internet of Things IIoT from PTC Corporation, USA. A security vulnerability exists in PTC ThingWorx version v9.5.0 that stems from an insecure direct object reference that allows an attacker to view sensitive...

6.5CVSS6.6AI score0.00622EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/27 12:0 a.m.15 views

CVE-2024-40395

An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...

0.00622EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/27 12:0 a.m.12 views

CVE-2024-40395

An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...

6.8AI score0.00622EPSS
Exploits0References1
NVD
NVD
added 2024/08/22 11:15 a.m.30 views

CVE-2024-7848

The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...

6.5CVSS0.0031EPSS
Exploits0References2
OSV
OSV
added 2024/08/22 11:15 a.m.4 views

CVE-2024-7848

The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...

6.5CVSS5.8AI score0.0031EPSS
Exploits0References2
CVE
CVE
added 2024/08/22 10:58 a.m.52 views

CVE-2024-7848

CVE-2024-7848 affects the WordPress plugin “User Private Files – Upload Documents & Secure File Sharing with Frontend File Manager” (versions

6.5CVSS4.5AI score0.0031EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/22 10:58 a.m.19 views

CVE-2024-7848 User Private Files <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access

The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...

4.3CVSS6.8AI score0.0031EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/18 9:36 p.m.43 views

CVE-2024-43239 WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through = 1.11.4...

4.3CVSS0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/18 9:36 p.m.20 views

CVE-2024-43239 WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through = 1.11.4...

4.3CVSS5.2AI score0.00292EPSS
Exploits0References1
NVD
NVD
added 2024/08/16 3:15 a.m.7 views

CVE-2023-7049

The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cmfieldshow' shortcode due to missing validation on the 'jobid' user controlled key. This makes it possible for authenticated attackers...

4.3CVSS0.00388EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/08/16 3:15 a.m.2 views

CVE-2023-7049

The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cmfieldshow' shortcode due to missing validation on the 'jobid' user controlled key. This makes it possible for authenticated attackers...

4.3CVSS5.4AI score0.00388EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/16 1:59 a.m.7 views

CVE-2023-7049 Custom Field For WP Job Manager <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode

The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cmfieldshow' shortcode due to missing validation on the 'jobid' user controlled key. This makes it possible for authenticated attackers...

4.3CVSS6.5AI score0.00388EPSS
Exploits0References2
CVE
CVE
added 2024/08/16 1:59 a.m.36 views

CVE-2023-7049

CVE-2023-7049 affects the Custom Field For WP Job Manager WordPress plugin. It enables insecure direct object access via the cm_fieldshow shortcode, due to missing validation of the job_id parameter. All versions up to 1.2 are affected. Exploitation requires authenticated access at contributor le...

4.3CVSS4.4AI score0.00388EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/16 1:59 a.m.15 views

CVE-2023-7049 Custom Field For WP Job Manager <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode

The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cmfieldshow' shortcode due to missing validation on the 'jobid' user controlled key. This makes it possible for authenticated attackers...

4.3CVSS0.00388EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/08/16 1:31 a.m.6 views

WordPress Custom Field For WP Job Manager plugin <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode vulnerability

Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Custom Field For WP Job Manager versions = 1.2...

4.3CVSS6.9AI score0.00388EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2024/08/16 12:0 a.m.296 views

Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : Bhojon restaurant management system v3.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/12 12:0 a.m.188 views

Farmacia Gama 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : Farmacia Gama v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/09 12:0 a.m.283 views

Bhojon Restaurant Management System 2.8 Insecure Direct Object Reference

==================================================================================================================================== | Title : Bhojon restaurant management system v2.9 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/07 12:0 a.m.311 views

AccPack Buzz 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : AccPack Buzz v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vend...

7.4AI score
Exploits0
Rows per page
Query Builder