943 matches found

Veracode
added 2023/01/02 2:16 p.m. | 15 views

Insecure Direct Object References (IDOR)

github.com/usememos/memos is vulnerable to insecure direct object references. Comparison of object references instead of object contents due to insecure direct object references allows an attacker to delete the victim's resources...

CVSS 6.5 | AI score 6.3 | EPSS 0.00578
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2023/01/02 2:6 p.m. | 18 views

Improper Authorization

github.com/usememos/memos is vulnerable to improper authorization. The library uses insecure direct object references which allows an attacker to access all private memos of a user and edit them...

CVSS 8.3 | AI score 5.5 | EPSS 0.00564
Exploits: 1 | References: 5 | Affected Software: 1

Veracode
added 2023/01/02 1:19 p.m. | 15 views

Insecure Direct Object References (IDOR)

github.com/usememos/memos is vulnerable to insecure direct object references. Improper Authorization due to insecure direct object references allows an attacker to trigger the Reset API on user's behalf...

CVSS 5.3 | AI score 5.5 | EPSS 0.00702
Exploits: 1 | References: 5 | Affected Software: 1

Veracode
added 2023/01/02 12:53 p.m. | 12 views

Privilege Escalation

github.com/usememos/memos is vulnerable to privilege escalation. Incorrect use of privileged APIs due to insecure direct object references allows an attacker to archive private memos and delete/edit shortcuts on the user's behalf...

CVSS 4.3 | AI score 5.1 | EPSS 0.00507
Exploits: 1 | References: 5 | Affected Software: 1

Veracode
added 2023/01/02 10:9 a.m. | 23 views

Insecure Direct Object References (IDOR)

github.com/usememos/memos is vulnerable to insecure direct object references. The vulnerability allows an attacker to delete all the available memos Public/Private in the entire application since the memos id is numeric & is sequentially incremented which is easy to guess and perform the attack...

CVSS 5.3 | AI score 5.4 | EPSS 0.00756
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2022/12/28 3:30 p.m. | 14 views

GHSA-M5PR-WM6Q-X4G2 usememos/memos vulnerable to Comparison of Object References Instead of Object Contents

Comparison of Object References Instead of Object Contents in GitHub repository usememos/memos 0.9.0 and prior...

CVSS 6.5 | AI score 6.7 | EPSS 0.00578
Exploits: 1 | References: 4

Veracode
added 2022/12/27 6:52 a.m. | 17 views

Improper Access Control

github.com/usememos/memos is vulnerable to improper access control. The vulnerability exists in multiple functions due to insecure direct object references which allows an attacker to perform actions on a user's behalf via Change Password feature...

CVSS 8.8 | AI score 8.2 | EPSS 0.00607
Exploits: 1 | References: 5 | Affected Software: 1

Packet Storm
added 2022/12/15 12:0 a.m. | 236 views

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Authorization Bypass

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authorization Bypass (IDOR). Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz. Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1.16 Voice...

AI score 0.5
Exploits: 0

Zero Science Lab
added 2022/12/14 12:0 a.m. | 226 views

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authorization Bypass (IDOR)

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

CVSS 9.8 | AI score 5.9 | EPSS 0.00758
Exploits: 2

OSV
added 2022/11/28 10:15 p.m. | 4 views

CVE-2022-24188

The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct...

CVSS 7.5 | AI score 5.8 | EPSS 0.00483
Exploits: 1 | References: 1

CVE
added 2022/11/28 12:0 a.m. | 58 views

CVE-2022-24188

The CVE-2022-24188 entry concerns Ourphoto App 1.4.1, where the /device/signin endpoint returns clear-text credentials (deviceVideoCallPassword and mqttPassword). The issue is compounded by lack of session management and insecure direct object references, enabling disclosure of passwords for othe...

CVSS 7.5 | AI score 7.5 | EPSS 0.00483
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2022/11/21 12:0 a.m. | 21 views

WordPress Directorist plugin <= 7.4.2.1 - Auth. Insecure Direct Object References (IDOR) vulnerability

Auth. Insecure Direct Object References (IDOR) vulnerability leading to arbitrary user password update discovered by cydave in the WordPress Directorist plugin versions <= 7.4.2.1. Solution: Update the WordPress Directorist plugin to the latest available version (at least 7.4.2.2)...

AI score 3.5 | EPSS 0.00606
Exploits: 2 | References: 1 | Affected Software: 1

NVD
added 2022/11/18 11:15 p.m. | 12 views

CVE-2022-43492

Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...

CVSS 8.8 | EPSS 0.00593
Exploits: 0 | References: 2

Prion
added 2022/11/18 11:15 p.m. | 20 views

Spoofing

Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...

CVSS 6.5 | AI score 8.6 | EPSS 0.00593
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2022/11/18 10:8 p.m. | 63 views

CVE-2022-43492

CVE-2022-43492 affects WordPress with the wpDiscuz plugin at version 7.4.2. It is an Insecure Direct Object References (IDOR) in the Comments feature. The NVD entry lists CVSS v3.1 base metrics: 8.8 (High) with NEURAL: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; PatchStack cites a lower impact vector. R...

CVSS 8.8 | AI score 6.4 | EPSS 0.00593
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2022/11/08 7:15 p.m. | 23 views

CVE-2022-40206

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public...

CVSS 6.3 | EPSS 0.00455
Exploits: 0 | References: 2

CVE
added 2022/11/08 6:31 p.m. | 70 views

CVE-2022-40206

Summary (CVE-2022-40206): Insecure Direct Object References (IDOR) in the WordPress wpForo Forum plugin <= 2.0.5. Affected component: wpForo Forum plugin for WordPress. Root cause: IDOR allows users with subscriber or higher roles to change a forum post's visibility to private/public. Impact: e...

CVSS 6.3 | AI score 4.8 | EPSS 0.00455
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2022/11/08 6:26 p.m. | 8 views

CVE-2022-40205 WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved...

CVSS 5.4 | AI score 5.4 | EPSS 0.00485
Exploits: 0 | References: 2

CNNVD
added 2022/11/08 12:0 a.m. | 4 views

WordPress plugin wpForo Forum security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.3 | AI score 5.2 | EPSS 0.00455
Exploits: 0 | References: 3

Positive Technologies
added 2022/11/08 12:0 a.m. | 5 views

PT-2022-25282 · WordPress · Wpforo Forum

Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin versions <= 2.0.5. Description: The issue is related to an insecure direct object references (IDOR) vulnerability. This vulnerability allows attackers with subscriber or higher user roles to mark any forum post as solved or...

CVSS 5.4 | AI score 4.4 | EPSS 0.00485
Exploits: 0 | References: 4