CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

704 matches found

CNNVD•added 2025/10/13 12:0 a.m.•4 views

Liferay DXP 安全漏洞

Liferay DXP is a suite of digital experience collaboration platforms from Liferay USA. A security vulnerability exists in Liferay DXP versions 2023.Q4.1 through 2023.Q4.5, which stems from the comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId An insecure direct object...

5.3CVSS6.3AI score0.00249EPSS

Exploits0References2

CNNVD•added 2025/10/13 12:0 a.m.•4 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

4.8CVSS6.4AI score0.00258EPSS

Exploits0References2

Positive Technologies•added 2025/10/13 12:0 a.m.•3 views

PT-2025-41793

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.1 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.5 Description An insecure direct object reference IDOR exists in the Publications feature. This allows remotely authenticated attackers to view the...

4.8CVSS6.5AI score0.00258EPSS

Exploits0References6

CNNVD•added 2025/10/12 12:0 a.m.•3 views

HCL Unica Centralized Offer Management 安全漏洞

HCL Unica Centralized Offer Management is a module of HCL India responsible for the unified management and distribution of offers. A security vulnerability exists in HCL Unica Centralized Offer Management that originates from an insecure direct object reference that could lead to unauthorized...

7.5CVSS6.6AI score0.00204EPSS

Exploits0References1

NVD•added 2025/10/11 9:15 a.m.•2 views

CVE-2025-11518

The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via several wishlist AJAX functions due to missing validation on a user controlled key that is exposed when wishlists are shared. This makes it...

5.3CVSS0.00213EPSS

Exploits0References2

CNNVD•added 2025/10/11 12:0 a.m.•3 views

WordPress plugin WPC Smart Wishlist for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.7AI score0.00213EPSS

Exploits0References2

EUVD•added 2025/10/07 3:30 p.m.•4 views

EUVD-2025-32714

Insecure Direct Object Reference IDOR in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure BBMRI-ERIC. This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...

5.3CVSS6.3AI score0.0024EPSS

Exploits0References2

CVE•added 2025/10/07 12:21 p.m.•12 views

CVE-2025-40676

CVE-2025-40676 affects Negotiator v3.15.2 from BBMRI-ERIC. The vulnerability is an insecure direct object reference (IDOR) in the userID parameter of the /api/v3/users/ endpoint, enabling an attacker to access or modify unauthorised resources and potentially expose or alter sensitive data. The CV...

5.3CVSS6.4AI score0.0024EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-5869

Malware in sbrugna...

4.3CVSS4.8AI score0.01538EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2019-5873

Malware in sbrugna...

6.5CVSS5.6AI score0.01333EPSS

Exploits1References5