Lucene search
K

248 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.4 views

CVE-2022-27247

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer e.g., data of birth, full address, mail information, and phone number via GastKont Insecure Direct Object Reference...

5.3CVSS6.5AI score0.00925EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/01/02 8:13 a.m.11 views

WordPress Five Star Restaurant Reservations plugin <= 2.7.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by daroo in WordPress Plugin Five Star Restaurant Reservations versions = 2.7.4...

8.6CVSS5.4AI score0.00229EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/12/30 12:30 p.m.2 views

EUVD-2025-205712

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through = 1.7...

6.5AI score0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/30 10:47 a.m.3 views

CVE-2025-69029 WordPress Struktur theme <= 2.5.1 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Struktur: from n/a through = 2.5.1...

5.4CVSS6.6AI score0.00185EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/30 10:47 a.m.3 views

CVE-2025-69024 WordPress BizPrint plugin <= 4.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in bizswoop BizPrint print-google-cloud-print-gcp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizPrint: from n/a through = 4.6.7...

6.5CVSS6.6AI score0.00201EPSS
Exploits0References1
CVE
CVE
added 2025/12/24 12:51 p.m.16 views

CVE-2023-40679

CVE-2023-40679 is a broken access control vulnerability in the WordPress plugin Master Addons for Elementor (aka Jewel Theme Master Addons for Elementor). Affected versions are up to and including 2.0.5.3, with unauthenticated access possible due to misconfigured access controls. The issue is con...

6.5CVSS7.4AI score0.00247EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/23 3:5 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2® Big SQL

Summary Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime 8 affect IBM® Db2® Big SQL 7.x on Cloud Pak for Data 4.x Vulnerability Details CVEID:CVE-2023-38264 DESCRIPTION: The IBM SDK, Java Technology Edition's Object Request Broker ORB 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through...

7.5CVSS8.9AI score0.014EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/12/18 4:45 p.m.10 views

CVE-2025-63043

CVE-2025-63043 is an IDOR-by-auth bypass in the WordPress Post Grid and Gutenberg Blocks plugin (versions up to 2.3.19 as reported). The vulnerability arises from authorization by a user-controlled key, enabling access control bypass to restricted objects. Several connected sources confirm the af...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 9:30 a.m.5 views

EUVD-2025-204247

Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through = 1.3.60...

6.5CVSS6.5AI score0.00353EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/17 10:2 a.m.4 views

CVE-2025-66165

Missing Authorization vulnerability in merkulove Lottier for WPBakery lottier-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier for WPBakery: from n/a through = 1.1.7...

5.4CVSS7AI score0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 9:31 a.m.5 views

EUVD-2025-203543

Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through = 5.2.2...

6.5CVSS6.5AI score0.00217EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.9 views

PT-2025-51455

Name of the Vulnerable Software and Affected Versions g5theme Essential Real Estate versions through 5.2.2 Description An authorization bypass exists due to incorrectly configured access control security levels. This allows for unauthorized access. The issue is present in g5theme Essential Real...

6.5CVSS6.5AI score0.00217EPSS
Exploits0References4
NVD
NVD
added 2025/12/13 4:16 p.m.8 views

CVE-2025-36747

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

9.8CVSS0.00285EPSS
Exploits0References1
CVE
CVE
added 2025/12/13 8:16 a.m.20 views

CVE-2025-36747

The CVE entry for CVE-2025-36747 describes ShineLan-X firmware containing FTP server credentials, enabling testers to establish an insecure FTP connection. This can allow an attacker to replace legitimate firmware-deployed files with malicious versions because firmware signature verification is n...

9.8CVSS6.5AI score0.00285EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/13 8:16 a.m.25 views

CVE-2025-36747 Hardcoded FTP Credentials within the firmware

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

9.4CVSS0.00285EPSS
Exploits0References1
CVE
CVE
added 2025/12/12 12:0 a.m.19 views

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. An authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter, enabling unauthorized disclosure of sensitive data (text, ...

4.3CVSS6.3AI score0.00241EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/12/09 6:30 p.m.6 views

EUVD-2025-201952

Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Email Capture: from n/a through = 3.12.4...

5.3CVSS6.5AI score0.00222EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-49984

Missing Authorization vulnerability in Hype Hype pico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hype: from n/a through = 1.0.5...

7AI score0.00311EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/22 12:34 p.m.11 views

CVE-2025-66109

Missing Authorization vulnerability in Octolize Shipping Plugins Cart Weight for WooCommerce woo-cart-weight allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cart Weight for WooCommerce: from n/a through = 1.9.11...

5.3CVSS5.9AI score0.00181EPSS
Exploits0References1
NVD
NVD
added 2025/11/10 9:15 p.m.4 views

CVE-2025-48878

Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct object reference allows a user e.g. with Service desk agent profile to create a ModuleInstallation object when they shouldn't be able to do so. Version 3.2.2 fixes the issue...

4.3CVSS0.00192EPSS
Exploits0References1
Rows per page
Query Builder