Lucene search
K

955 matches found

Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.9 views

PT-2026-35405

Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information...

7.8CVSS5.1AI score0.00181EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/22 3:31 p.m.8 views

EUVD-2026-24748

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...

6.5CVSS5.8AI score0.00213EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 1:18 p.m.4 views

CVE-2026-6355

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...

6.5CVSS5.8AI score0.00213EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/22 1:18 p.m.33 views

CVE-2026-6355 CVE-2026-6355

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...

0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/04/22 1:18 p.m.15 views

CVE-2026-6355

CVE-2026-6355 describes a vulnerability in a web application where unauthorized users can access and manipulate sensitive data across tenants by exploiting insecure direct object references. The root cause is insecure handling of object identifiers that allows cross-tenant access and configuratio...

6.5CVSS5.8AI score0.00213EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 1:18 p.m.3 views

CVE-2026-6355 CVE-2026-6355

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...

5.8AI score0.00213EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.10 views

PT-2026-34334

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An insecure direct object reference allows unauthorized users to access and manipulate sensitive data across different tenants. This can result in unauthorized...

6.5CVSS5.8AI score0.00213EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

Augmentt 安全漏洞

Augmentt is a SaaS management and automation platform developed by Augmentt Inc. in Canada. There is a security vulnerability in Augmentt, which stems from insecure direct object references in web applications. This vulnerability could allow unauthorized users to access and manipulate sensitive...

6.5CVSS5.8AI score0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Horilla 访问控制错误漏洞

Horilla is a free open-source human resources software developed by Horilla Company. Version 1.5.0 of Horilla contains an access control vulnerability, which stems from insecure direct object references in the employee document viewer. This vulnerability could allow any authenticated user to acce...

7.1CVSS5.8AI score0.0014EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/20 10:20 a.m.7 views

WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by James Pirstin in WordPress Plugin EventPrime versions = 4.3.0.0...

5.8AI score0.00278EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.12 views

WordPress plugin LatePoint 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00689EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/15 3:21 p.m.8 views

WordPress FluentBoards plugin <= 1.91.2 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Jakub Herman in WordPress Plugin FluentBoards versions = 1.91.2...

8.1CVSS5.8AI score0.00168EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/15 10:21 a.m.4 views

CVE-2026-40784 WordPress FluentBoards plugin <= 1.91.2 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through = 1.91.2...

8.1CVSS5.8AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/15 10:21 a.m.32 views

CVE-2026-40784 WordPress FluentBoards plugin <= 1.91.2 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through = 1.91.2...

8.1CVSS0.00168EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 10:21 a.m.9 views

CVE-2026-40784

The CVE concerns the WordPress FluentBoards plugin (FluentBoards fluent-boards) &lt;= 1.91.2, with an Insecure Direct Object References (IDOR) vulnerability described as an Authorization Bypass Through User-Controlled Key. Root cause: incorrectly configured access control security levels. Affecte...

8.1CVSS5.8AI score0.00168EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/15 10:21 a.m.5 views

CVE-2026-40737 WordPress COMPE plugin <= 1.1.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects COMPE: from n/a through = 1.1.4...

5.3CVSS5.8AI score0.00212EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/15 10:21 a.m.37 views

CVE-2026-40737 WordPress COMPE plugin <= 1.1.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects COMPE: from n/a through = 1.1.4...

5.3CVSS0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/11 12:0 a.m.9 views

WordPress plugin Tutor LMS – eLearning and online course solution 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00358EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.6 views

WordPress plugin Tutor LMS – eLearning and online course solution 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.8AI score0.00615EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.9 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilitie...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References3
Rows per page
Query Builder