CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/01 1:40 a.m.•28 views

CVE-2026-4947 Insecure Direct Object Reference (IDOR) Leading to Signature Forgery in Foxit eSign

7.1CVSS0.00174EPSS

Vulnrichment•added 2026/04/01 1:40 a.m.•2 views

CVE-2026-4947 Insecure Direct Object Reference (IDOR) Leading to Signature Forgery in Foxit eSign

7.1CVSS5.9AI score0.00174EPSS

CNNVD•added 2026/04/01 12:0 a.m.•3 views

Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Both Foxit PDF Reader and Foxit PDF Editor have security vulnerabilities. These vulnerabilities stem from potentially insecure direct...

7.1CVSS5.8AI score0.00174EPSS

Patchstack•added 2026/03/31 11:58 p.m.•3 views

WordPress User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field vulnerability

WordPress User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.15.5 - Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Post Author Reassignment via Avatar Field vulnerability discovered by type5afe in WordPress Plugin Profile...

4.3CVSS5.9AI score0.00171EPSS

Exploits0References1Affected Software1

EUVD•added 2026/03/31 12:31 p.m.•2 views

EUVD-2026-17359

Insecure Direct Object Reference IDOR vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simply changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, coul...

7CVSS6AI score0.00209EPSS

ATTACKERKB•added 2026/03/31 11:18 a.m.•3 views

CVE-2026-3139

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppbsaveavatarvalue function due to missing validation on a user controlled key...

Vulnrichment•added 2026/03/31 11:18 a.m.•1 views

Exploits0References3

CVE-2026-3139 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field

CVE•added 2026/03/31 11:18 a.m.•10 views

CVE-2026-3139

The CVE-2026-3139 vulnerability affects the WordPress plugin “User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor” up to version 3.15.5. The issue is insecure direct object reference via wppb_save_avatar_value(), caused by missing validation on a user-contro...

NVD•added 2026/03/31 11:16 a.m.•4 views

CVE-2026-4400

7CVSS0.00209EPSS

RedhatCVE•added 2026/03/31 4:59 a.m.•1 views

CVE-2026-3124

The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to complete arbitrary...

Positive Technologies•added 2026/03/31 12:0 a.m.•4 views

PT-2026-29220

7CVSS6AI score0.00209EPSS

Positive Technologies•added 2026/03/31 12:0 a.m.•3 views

PT-2026-29224

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppb save avatar value function due to missing validation on a user controlled key...

RedhatCVE•added 2026/03/30 10:52 p.m.•2 views

Exploits0References3

CVE-2026-0562

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function in backend/routers/friends.py does not implement proper authorization checks, enabling Insecure Direct...

8.3CVSS7AI score0.00268EPSS

Exploits1References1

NVD•added 2026/03/30 6:16 p.m.•11 views

CVE-2026-33030

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

9.9CVSS0.0028EPSS

Exploits1References1

Patchstack•added 2026/03/30 7:44 a.m.•3 views

WordPress Download Monitor plugin <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id' vulnerability

Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'orderid' vulnerability discovered by Hung Nguyen bashu - VN in WordPress Plugin Download Monitor versions = 5.1.7...

7.5CVSS5.9AI score0.00269EPSS

Exploits0References1Affected Software1

NVD•added 2026/03/30 2:16 a.m.•4 views

CVE-2026-3124

7.5CVSS0.00269EPSS

ATTACKERKB•added 2026/03/30 1:24 a.m.•2 views

CVE-2026-3124

Vulnrichment•added 2026/03/30 1:24 a.m.•1 views

Exploits0References3

CVE-2026-3124 Download Monitor <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id'

CVE•added 2026/03/30 1:24 a.m.•9 views

CVE-2026-3124

The CVE-2026-3124 issue affects the WordPress Download Monitor plugin up to version 5.1.7. The root cause is Insecure Direct Object Reference via the executePayment() function due to missing validation on a user controlled key. This enables unauthenticated attackers to complete arbitrary pending ...