Lucene search
K

106 matches found

CNNVD
CNNVD
added 2026/01/28 12:0 a.m.6 views

StudioCMS 安全漏洞

StudioCMS is StudioCMS open source a content management system . StudioCMS suffers from an information disclosure vulnerability that stems from the presence of corrupted object-level authorization in the content management functionality, which can be exploited by an attacker to cause a user with...

6.5CVSS5.8AI score0.00295EPSS
Exploits2References3
CVE
CVE
added 2026/01/27 11:34 p.m.21 views

CVE-2026-24134

StudioCMS prior to v0.2.0 is affected by a Broken Object Level Authorization (BOLA) in the Content Management feature. The vulnerability allows users with the Visitor role to access draft content created by Editors/Admins/Owners, effectively bypassing RBAC for unpublished content. The issue is mi...

6.5CVSS5.9AI score0.00295EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 10:13 p.m.12 views

StudioCMS has Authorization Bypass Through User-Controlled Key

Summary StudioCMS contains a Broken Object Level Authorization BOLA vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users. Details The Issue: The endpoint /dashboard/content-management/edit?edit=UUID...

6.5CVSS5.9AI score0.00295EPSS
Exploits2References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/08 2:21 a.m.4 views

CVE-2025-12640 Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level authorization checks in the...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.6 views

WordPress plugin Folders 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.6AI score0.00158EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.8 views

PT-2026-1699

Name of the Vulnerable Software and Affected Versions The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress versions up to and including 3.1.5 Description The Folders plugin for WordPress is susceptible to unauthorized arbitrary media...

4.3CVSS6.2AI score0.00158EPSS
Exploits0References7
EUVD
EUVD
added 2025/12/13 6:30 p.m.5 views

EUVD-2025-203187

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

4.3CVSS5.3AI score0.00336EPSS
Exploits0References6
NVD
NVD
added 2025/12/13 4:16 p.m.5 views

CVE-2025-12512

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

4.3CVSS0.00336EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/13 3:20 a.m.29 views

CVE-2025-12512 GenerateBlocks <= 2.1.2 - Authenticated (Contributor+) Information Exposure via Metadata

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

4.3CVSS0.00336EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/11/20 9:37 p.m.7 views

CVE-2025-12777

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...

5.3CVSS5.7AI score0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/07 6:30 p.m.6 views

EUVD-2025-38272

A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

6.2AI score0.00284EPSS
Exploits1References3
OSV
OSV
added 2025/11/07 4:15 p.m.5 views

CVE-2025-63783

A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

7.6CVSS5.8AI score0.00284EPSS
Exploits1References2
CVE
CVE
added 2025/11/07 12:0 a.m.12 views

CVE-2025-63783

Onlook web application 0.2.32 contains a Broken Object Level Authorization (BOLA) in tRPC mutation APIs (update, delete, add/remove tag). The API fails to verify the requester’s ownership/membership for the target project ID, enabling an authenticated attacker to modify, delete, or manipulate tag...

7.6CVSS6.4AI score0.00284EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-54316

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00268EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54317

Malicious code in bioql PyPI...

7.6CVSS6.6AI score0.00289EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-54487

Malicious code in bioql PyPI...

3.1CVSS6.6AI score0.00237EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2025/07/19 12:57 p.m.93 views

Exploit for CVE-2025-53640

CVE-2025-53640 – Authenticated User Enumeration in CERN's Indi...

5.3CVSS7AI score0.00565EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/03/29 12:25 a.m.20 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

3.1CVSS7.1AI score0.00237EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/29 12:24 a.m.18 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

7.6CVSS7.1AI score0.00289EPSS
Exploits1References1
NVD
NVD
added 2025/03/27 8:15 p.m.14 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

3.1CVSS0.00237EPSS
Exploits1References2
Rows per page
Query Builder