Lucene search

943 matches found

Cvelist
added 2023/12/20 2:18 p.m. | 28 views

CVE-2023-36520 WordPress Editorial Calendar Plugin <= 3.7.12 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar. This issue affects Editorial Calendar: from n/a through 3.7.12...

5.4 CVSS | 8.3 AI score | 0.00364 EPSS
Exploits 0 | References 1

Vulnrichment
added 2023/12/20 1:52 p.m. | 5 views

CVE-2023-38513 WordPress Photo Engine Plugin <= 6.2.5 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine Media Organizer & Lightroom. This issue affects Photo Engine Media Organizer & Lightroom: from n/a through 6.2.5...

5.4 CVSS | 5.5 AI score | 0.00323 EPSS
Exploits 0 | References 1

Cvelist
added 2023/12/20 1:42 p.m. | 26 views

CVE-2023-41796 WordPress Sunshine Photo Cart Plugin < 3.0.0 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers. This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0...

5.3 CVSS | 6.7 AI score | 0.00359 EPSS
Exploits 0 | References 1

Vulnrichment
added 2023/12/20 1:32 p.m. | 9 views

CVE-2023-46311 WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz. This issue affects Comments – wpDiscuz: from n/a through 7.6.3...

2.7 CVSS | 7.1 AI score | 0.00527 EPSS
Exploits 0 | References 1

NVD
added 2023/12/19 11:15 p.m. | 21 views

CVE-2023-6929

EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the...

9.8 CVSS | 0.00805 EPSS
Exploits 1 | References 1

Prion
added 2023/12/19 11:15 p.m. | 18 views

Authorization

EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the...

7.5 CVSS | 7.3 AI score | 0.00805 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2023/12/19 11:2 p.m. | 26 views

CVE-2023-6929 Authorization Bypass Through User-Controlled Key in EuroTel ETL3100

EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the...

7.5 CVSS | 9.7 AI score | 0.00805 EPSS
Exploits 1 | References 1

CVE
added 2023/12/19 11:2 p.m. | 43 views

CVE-2023-6929

EuroTel ETL3100, affected versions v01c01 and v01x37, suffer from insecure direct object references (IDOR) that allow bypassing authorization by using user-supplied input to access objects. The root cause is improper access control via direct object access, enabling attackers to reach hidden reso...

9.8 CVSS | 8.8 AI score | 0.00805 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2023/12/19 9:24 p.m. | 18 views

CVE-2022-43450 WordPress Stream Plugin <= 3.9.2 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream. This issue affects Stream: from n/a through 3.9.2...

4.3 CVSS | 6.7 AI score | 0.00652 EPSS
Exploits 0 | References 1

Vulnrichment
added 2023/12/19 8:55 p.m. | 12 views

CVE-2023-49812 WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005...

5.3 CVSS | 7.6 AI score | 0.00533 EPSS
Exploits 0 | References 1

Cvelist
added 2023/12/19 8:55 p.m. | 18 views

CVE-2023-49812 WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005...

5.3 CVSS | 7.8 AI score | 0.00533 EPSS
Exploits 0 | References 1

NVD
added 2023/12/18 2:15 p.m. | 21 views

CVE-2023-5236

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...

6.5 CVSS | 0.0089 EPSS
Exploits 0 | References 4

Prion
added 2023/12/18 2:15 p.m. | 23 views

Design/Logic Flaw

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...

4 CVSS | 6.7 AI score | 0.0089 EPSS
Exploits 0 | References 4 | Affected Software 1

CVE
added 2023/12/18 1:43 p.m. | 159 views

CVE-2023-5236

Summary (based on provided sources): CVE-2023-5236 affects Infinispan and is caused by failing to detect circular object references during unmarshalling, enabling a remote-authenticated attacker to insert a crafted object into the cache to trigger out-of-memory conditions and a denial of service....

6.5 CVSS | 5.3 AI score | 0.0089 EPSS
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2023/12/05 12:0 a.m. | 9 views

WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Insecure Direct Object References (IDOR)

Software: WP Photo Album Plus; Type: Plugin; Vulnerable versions: = 8.5.02.005; Fixed in: 8.6.01.003; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-49812; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 10e03ebd1bf6; Credit...

7.5 CVSS | 6.5 AI score | 0.00533 EPSS
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/12/04 12:0 a.m. | 16 views

WordPress Rate my Post – WP Rating System Plugin <= 3.4.1 is vulnerable to Insecure Direct Object References (IDOR)

Software: Rate my Post – WP Rating System; Type: Plugin; Vulnerable versions: = 3.4.1; Fixed in: 3.4.2; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-49765; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: b8f48f9c338b...

6.5 CVSS | 6.6 AI score | 0.004 EPSS
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2023/11/28 12:0 a.m. | 6 views

WordPress Plugin Shortcodes Ultimate Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

4.3 CVSS | 6.7 AI score | 0.00529 EPSS
Exploits 1 | References 3

Patchstack
added 2023/11/28 12:0 a.m. | 16 views

WordPress Shortcodes Ultimate Plugin <= 5.13.3 is vulnerable to Insecure Direct Object References (IDOR)

Software: Shortcodes Ultimate; Type: Plugin; Vulnerable versions: = 5.13.3; Fixed in: 7.0.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-6226; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 7b259d4a9888; Credits: Francesc...

4.3 CVSS | 6.8 AI score | 0.00529 EPSS
Exploits 1 | References 3 | Affected Software 1

ATTACKERKB
added 2023/11/14 5:15 a.m. | 1 views

CVE-2023-43900

Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...

6.5 CVSS | 5.8 AI score | 0.00581 EPSS
Exploits 1 | References 2

NVD
added 2023/11/14 5:15 a.m. | 18 views

CVE-2023-43900

Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...

6.5 CVSS | 0.00581 EPSS
Exploits 1 | References 1