Lucene search
K

248 matches found

Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24812

CVE-2025-66956 Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computa… https://t.co/B86afgMbsO...

9.9CVSS5.9AI score0.00485EPSS
Exploits0References8
OSV
OSV
added 2026/03/03 9:5 p.m.8 views

GHSA-JXM3-PMM2-9GF6 Craft CMS has Permission Bypass and IDOR in Duplicate Entry Action

Description The "Duplicate" entry action does not properly verify if the user has permission to perform this action on the specific target elements. Even with only "View Entries" permission where the "Duplicate" action is restricted in the UI, a user can bypass this restriction by sending a direc...

7.1CVSS6AI score0.00234EPSS
Exploits1References4
Veracode
Veracode
added 2026/02/23 7:51 a.m.7 views

Insecure Direct Object Reference (IDOR)

pretix is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper authorization checks on file access endpoints, which allows an attacker to retrieve sensitive files of other users by supplying a known UUID...

7CVSS6AI score0.00226EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.2 views

CVE-2026-24950

Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Authorsy: from n/a through = 1.0.6...

7.5CVSS5.5AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.21 views

CVE-2025-68564 WordPress Sendy plugin <= 3.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendy: from n/a through = 3.4.2...

6.5CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:27 a.m.12 views

CVE-2026-25404

CVE-2026-25404 affects the WordPress WP Job Manager plugin (wp-job-manager) versions up to and including 2.4.0. The issue is a missing authorization/broken access control vulnerability arising from incorrectly configured access control security levels, allowing unauthorized access to protected fu...

5.3CVSS5.6AI score0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:26 a.m.3 views

CVE-2026-25005 WordPress Frontend File Manager plugin <= 23.5 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through = 23.5...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.21 views

PT-2026-20712

Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fields Form: from n/a through = 5.4.4.1...

5.4AI score0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/06 5:56 p.m.27 views

CVE-2026-24776 OpenProject has an IDOR on MeetingAgendaItems allows cross-project meeting agenda item transfer

OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This...

4.3CVSS0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/03 2:8 p.m.26 views

CVE-2026-25020 WordPress WP Sync for Notion plugin <= 1.7.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through = 1.7.0...

4.3CVSS0.00152EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 2:8 p.m.2 views

CVE-2026-24940 WordPress Travelfic Toolkit plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n/a through = 1.3.3...

4.3CVSS5.3AI score0.00185EPSS
Exploits0References1
NVD
NVD
added 2026/01/29 6:16 p.m.11 views

CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...

6.8CVSS0.00068EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/24 3:18 p.m.6 views

CVE-2026-24585

Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hyyan WooCommerce Polylang Integration: from n/a through = 1.5.0...

6.5CVSS5.4AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 9:16 p.m.5 views

CVE-2025-68020

Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through = 2.7.13...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 2:29 p.m.5 views

CVE-2026-24627 WordPress Trusona for WordPress plugin <= 2.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusona for WordPress: from n/a through = 2.0.0...

4.3CVSS5.4AI score0.00152EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 2:28 p.m.2 views

CVE-2026-24556 WordPress ElementCamp plugin <= 2.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through = 2.3.2...

5.3CVSS5.9AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 1:55 a.m.3 views

CVE-2026-23964 Mastodon has insufficient access control to push notification settings

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object reference in the web push subscription update endpoint lets any authenticated user update another user's push subscription by guessing or obtaining th...

6.5CVSS5.6AI score0.00195EPSS
Exploits0References4
CVE
CVE
added 2026/01/22 1:55 a.m.17 views

CVE-2026-23964

Mastodon vendor: Mastodon server (ActivityPub). Vulnerability CVE-2026-23964 is an insecure direct object reference in the web push subscription update endpoint affecting versions &lt; 4.5.5, &lt; 4.4.12, and

6.5CVSS5.6AI score0.00195EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/01/12 2:54 p.m.24 views

CVE-2025-41077 Multiple vulnerabilities in Viafirma products

IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality ...

8.6CVSS0.00205EPSS
Exploits0References1
CVE
CVE
added 2026/01/08 2:58 p.m.8 views

CVE-2025-4596

CVE-2025-4596 affects the Asseco ADMX system (Asseco AMDX) used for processing medical records. The issue is an information disclosure via IDOR-like access: authenticated users can view medical files belonging to other users by manipulating GET parameters containing document IDs. Root cause: impr...

5.3CVSS6.4AI score0.00281EPSS
Exploits0References1
Rows per page
Query Builder