Lucene search
K

3461 matches found

Vulnrichment
Vulnrichment
added 2024/04/19 12:0 a.m.12 views

CVE-2024-32166

Webid v1.2.1 suffers from an Insecure Direct Object Reference IDOR - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended horizontal privilege escalation...

7AI score0.00738EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/19 12:0 a.m.3 views

WordPress Plugin Wp Ultimate Review 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS6.8AI score0.00464EPSS
Exploits0References2
NVD
NVD
added 2024/04/18 11:15 a.m.13 views

CVE-2023-6897

The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS4.3AI score0.00375EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/18 11:5 a.m.12 views

CVE-2023-6897 EAN for WooCommerce <= 4.9.2 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode

The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.00375EPSS
Exploits0References2
CVE
CVE
added 2024/04/18 11:5 a.m.71 views

CVE-2023-6897

CVE-2023-6897 affects the EAN, UPC, ISBN Generator: Product Barcode Inventory for WooCommerce plugin (EAN for WooCommerce) for WordPress. The Red Hat entry confirms an Insecure Direct Object Reference in all versions up to 4.9.2 via the shortcode alg_wc_ean_product_meta, caused by missing validat...

4.3CVSS6.2AI score0.00375EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/04/18 11:5 a.m.19 views

CVE-2023-6897 EAN for WooCommerce <= 4.9.2 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode

The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS4.6AI score0.00375EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/04/18 12:0 a.m.296 views

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.999 Revision 1243 1.317 Revision 602 1.220 Revision 1250 1.220 Revision 12481249 1.220 Revision 597 1.217 Revision 1242 1.214 Revision 1023 1.193 Revisi...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/18 12:0 a.m.302 views

Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference

Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver. 4.00...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/18 12:0 a.m.282 views

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 0.01 Revision 0 Summary: The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed by a...

7.4AI score
Exploits0
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.13 views

EAN for WooCommerce < 4.9.3 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode

Description The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers...

4.3CVSS5.3AI score0.00375EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/16 4:15 p.m.11 views

CVE-2023-50872

The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security...

7.5CVSS6.2AI score0.00357EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.16 views

CVE-2024-1626 IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...

9.1CVSS9.1AI score0.00479EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.13 views

CVE-2023-50872

The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security...

6.8AI score0.00357EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/16 12:0 a.m.3 views

Accredible 安全漏洞

Accredible is a world-leading digital credentialing platform from Accredible, Inc. that provides digital badges and digital certificates. Accredible has a security vulnerability that stems from allowing an insecure direct object reference attack that can lead to information disclosure...

7.5CVSS6.5AI score0.00357EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.17 views

CVE-2023-50872

The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security...

6.4AI score0.00357EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.5 views

PT-2024-13985 · Accredible · Accredible Credential.Net

Name of the Vulnerable Software and Affected Versions: Accredible Credential.net affected versions not specified Description: The API in Accredible Credential.net allows an Insecure Direct Object Reference attack, which discloses partial information about certificates and their respective holders...

7.5CVSS6.8AI score0.00357EPSS
Exploits0References9
CVE
CVE
added 2024/04/16 12:0 a.m.59 views

CVE-2023-50872

CVE-2023-50872 affects Accredible Credential.net API. The vulnerability is an Insecure Direct Object Reference that discloses partial information about certificates and their holders. According to the CVSS details, it is a NETWORK-based issue with low attack complexity, no privileges required, an...

7.5CVSS6.4AI score0.00357EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.5 views

PT-2024-18177 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 0.3.0 Description: An Insecure Direct Object Reference IDOR vulnerability exists in the project update endpoint, allowing authenticated users to modify the name of any project within the system without proper...

9.1CVSS9AI score0.00479EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2024/04/10 5:7 p.m.12 views

CVE-2024-1625 IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t...

7.5CVSS6.7AI score0.00436EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/10 5:7 p.m.20 views

CVE-2024-1625 IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t...

7.5CVSS7.6AI score0.00436EPSS
Exploits1References2
Rows per page
Query Builder