Lucene search
K

3461 matches found

NVD
NVD
added 2024/05/16 6:15 a.m.14 views

CVE-2024-4279

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. This can allow...

6.5CVSS6.6AI score0.00418EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/16 5:33 a.m.19 views

CVE-2024-4279 Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. This can allow...

6.5CVSS6.8AI score0.00418EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/16 5:33 a.m.20 views

CVE-2024-4279 Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. This can allow...

6.5CVSS6.7AI score0.00418EPSS
Exploits0References3
CVE
CVE
added 2024/05/16 5:33 a.m.57 views

CVE-2024-4279

Summary: CVE-2024-4279 affects Tutor LMS – eLearning and online course solution for WordPress. An insecure direct object reference vulnerability exists in the tutor_course_delete function caused by missing validation on a user-controlled key, enabling an authenticated attacker with Instructor-lev...

6.5CVSS6.5AI score0.00418EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/05/16 1:33 a.m.5 views

WordPress Tutor LMS plugin <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion vulnerability

Authenticated Instructor+ Insecure Direct Object Reference to Arbitrary Course Deletion vulnerability discovered by Thanh Nam Tran in WordPress Plugin Tutor LMS versions = 2.7.0...

6.5CVSS7AI score0.00418EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/16 12:0 a.m.3 views

PT-2024-26226 · Eramba · Eramba

Name of the Vulnerable Software and Affected Versions: Eramba Community versions prior to 3.22.0 Description: A bug was found in the /attachments/attachments/download/ API endpoint, allowing arbitrary file download due to a lack of user permission checks. This issue is related to an Insecure Dire...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.8 views

PT-2024-22255 · Bonitasoft · Bonitasoft Runtime Community Edition

Name of the Vulnerable Software and Affected Versions: Bonitasoft runtime Community edition affected versions not specified Description: The issue is related to the lack of dynamic permissions in the Community edition of Bonitasoft runtime, which causes an Insecure Direct Object Reference IDOR...

6.5CVSS6.9AI score0.00318EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/05/15 12:0 a.m.6 views

Bonitasoft 安全漏洞

Bonitasoft is an open source BPM software from Bonitasoft. Bonitasoft has a security vulnerability that stems from a lack of dynamic permissions, which leads to an IDOR vulnerability...

6.5CVSS6.4AI score0.00318EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/05/15 12:0 a.m.16 views

Tutor LMS – eLearning and online course solution < 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. Thi...

6.5CVSS6.6AI score0.00418EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/05/14 3:38 p.m.11 views

CVE-2024-33818

Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference IDOR via the userID parameter...

7.5CVSS7AI score0.00618EPSS
Exploits0References1
wpexploit
wpexploit
added 2024/05/14 12:0 a.m.193 views

BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment

Description The plugin contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request POST /wp-admin/admin-ajax.php HTTP/2 Host: buddyboss.example.com Cookie: REDACTED User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:120.0...

6.5AI score0.0043EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/14 12:0 a.m.11 views

BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment

Description The plugin contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request PoC POST /wp-admin/admin-ajax.php HTTP/2 Host: buddyboss.example.com Cookie: REDACTED User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:120.0...

6.4AI score0.0043EPSS
Exploits2Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/10 4:39 p.m.12 views

CVE-2024-33818

Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference IDOR via the userID parameter...

7.3AI score0.00618EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/10 4:39 p.m.21 views

CVE-2024-33818

Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference IDOR via the userID parameter...

7.2AI score0.00618EPSS
Exploits0References1
CVE
CVE
added 2024/05/10 4:39 p.m.76 views

CVE-2024-33818

CVE-2024-33818 concerns Globitel KSA SpeechLog v8.1, where an Insecure Direct Object Reference (IDOR) is exposed via the userID parameter. Multiple connected sources corroborate that the vulnerability exists in SpeechLog Analytics v8.1 and is triggered remotely (attack vector: network) with low c...

7.5CVSS7.3AI score0.00618EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.5 views

PT-2024-25498 · Globitel · Globitel Ksa Speechlog

Name of the Vulnerable Software and Affected Versions: Globitel KSA SpeechLog version 8.1 Description: The issue is related to an Insecure Direct Object Reference IDOR that can be accessed via the userID parameter. Recommendations: For Globitel KSA SpeechLog version 8.1, consider restricting acce...

7.5CVSS6.8AI score0.00618EPSS
Exploits0References2
CNVD
CNVD
added 2024/05/07 12:0 a.m.1 views

lunary unsafe direct object reference vulnerability

lunary is a production toolkit for LLM. An insecure direct object reference vulnerability exists in lunary, which stems from an endpoint that does not validate that a supplied project ID belongs to a currently authenticated user, and can be exploited by an attacker to cause unauthorized...

9.1CVSS9AI score0.00479EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

Masteriyo - LMS < 1.7.4 - Insecure Direct Object Reference

Description The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.7.3 via the REST API due to missing validation on a user controlled key. This makes it possible for...

6.5AI score0.00843EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2024/05/02 9:18 p.m.89 views

HackerOne: Insecure Direct Object Reference (IDOR) Allows Viewing Private Report Details via /bugs.json Endpoint

The Insecure Direct Object Reference IDOR vulnerability allowed viewing private report details through the /bugs.json endpoint. Any private reports could be accessed by sending a POST request to the endpoint with the organization ID and a single-digit text query. This gave access to sensitive...

6.6AI score
Exploits0
NVD
NVD
added 2024/05/02 5:15 p.m.28 views

CVE-2024-2346

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated...

5.4CVSS5.2AI score0.00308EPSS
Exploits0References2
Rows per page
Query Builder