Lucene search
+L

4649 matches found

NVD
NVD
added 3 hours ago4 views

CVE-2026-14871

osTicket versions v1.18.3 and v1.17.7 contain a Broken Object Level Authorization BOLA leading to Insecure Direct Object Reference IDOR in the AJAX ticket-management subsystem...

7.1CVSS
Exploits0References5
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-14871 osTicket v1.18.3 - v1.17.7 - BOLA/IDOR in ticket field viewing allows cross-department data disclosure

osTicket versions v1.18.3 and v1.17.7 contain a Broken Object Level Authorization BOLA leading to Insecure Direct Object Reference IDOR in the AJAX ticket-management subsystem...

7.1CVSS5.3AI score
Exploits0References5
Cvelist
Cvelist
added 4 hours ago10 views

CVE-2026-14871 osTicket v1.18.3 - v1.17.7 - BOLA/IDOR in ticket field viewing allows cross-department data disclosure

osTicket versions v1.18.3 and v1.17.7 contain a Broken Object Level Authorization BOLA leading to Insecure Direct Object Reference IDOR in the AJAX ticket-management subsystem...

7.1CVSS
Exploits0References5
EUVD
EUVD
added 4 hours ago3 views

EUVD-2026-45186

osTicket versions v1.18.3 and v1.17.7 contain a Broken Object Level Authorization BOLA leading to Insecure Direct Object Reference IDOR in the AJAX ticket-management subsystem...

7.1CVSS5.3AI score
Exploits0References5
CVE
CVE
added 4 hours ago8 views

CVE-2026-14871

This CVE affects osTicket versions 1.18.3 and 1.17.7, where a Broken Object Level Authorization (BOLA) leads to an Insecure Direct Object Reference (IDOR) in the AJAX ticket-management subsystem. The issue enables cross-department data disclosure due to improper access controls on object referenc...

7.1CVSS5.3AI score
Exploits0References5
Nuclei
Nuclei
added 14 hours ago14 views

Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS = 1.7.3 - Insecure Direct Object Reference author:...

5.3CVSS5.2AI score0.00843EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago21 views

Danswer - Insecure Direct Object Reference

The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/fileid interface to view any user's file. id: CVE-2024-9617 info: name: Danswer - Insecure Direct Object Reference author: s4e-io severity: medium...

6.5CVSS6.4AI score0.01557EPSS
Exploits0
NVD
NVD
added 15 hours ago6 views

CVE-2026-15159

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 17 hours ago2 views

CVE-2026-15159

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added 17 hours ago11 views

CVE-2026-15159 Ninja Forms - Excel Export <= 3.3.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Data Disclosure via 'spreadsheet_export_form_id' Parameter

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS
Exploits0References2
Positive Technologies
Positive Technologies
added 19 hours ago3 views

PT-2026-60805

Chat2DB before 5.3.0 contains an insecure direct object reference vulnerability in the GET /api/connection/datasource/id endpoint. The handler calls dataSourceService.queryExistentid, ... without an ownership check and returns the decrypted password field, allowing any authenticated non-admin use...

7.1CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 19 hours ago3 views

PT-2026-60779

osTicket versions v1.18.3 and v1.17.7 contain a Broken Object Level Authorization BOLA leading to Insecure Direct Object Reference IDOR in the AJAX ticket-management subsystem...

7.1CVSS5.3AI score
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-12510

The CVE concerns the AI Engine WordPress plugin prior to version 3.5.5. It does not verify ownership of a chatbot conversation when a client-supplied identifier is used, enabling users with subscriber-level access to read other users’ private conversations and take over their conversation records...

5.9CVSS6.1AI score0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-11580 Kali Forms < 2.4.17 - Contributor+ Arbitrary Post Metadata Disclosure via IDOR

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not perform a per-object capability check in its post-duplication AJAX action, allowing users with Contributor-level access or above to duplicate any post regardless of owner, post type, or status into a...

0.00189EPSS
Exploits0References1
NVD
NVD
added 3 days ago5 views

CVE-2026-15637

Improper authorization in the PAM SSH key and certificate retrieval endpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the credential identifier...

7.5CVSS0.00192EPSS
Exploits0References1
NVD
NVD
added 3 days ago4 views

CVE-2026-15058

Improper authorization in the secure messages deletion endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated user to delete another user's messages via a direct object reference to the message identifier...

3.1CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 3 days ago7 views

CVE-2026-15058

The CVE-2026-15058 affects Devolutions Server versions 2026.2.11 and 2026.1.22, where the secure messages deletion endpoint incorrectly authorizes access. An authenticated user can delete another user’s messages by directly referencing the message identifier, due to an improper authorization flaw...

3.1CVSS6.1AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-15637

Improper authorization in the PAM SSH key and certificate retrieval endpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the credential identifier...

0.00192EPSS
Exploits0References1
CVE
CVE
added 3 days ago6 views

CVE-2026-15637

CVE-2026-15637 affects Devolutions Server 2026.2.11 and 2026.1.22: improper authorization in the PAM SSH key and certificate retrieval endpoints allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the...

7.5CVSS6.1AI score0.00192EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-9341

CVE-2026-9341 affects The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution (WordPress) up to version 3.8.0. The root cause is an insecure direct object reference due to missing validation on a user-controlled key, exploitable via the AJAX handlers save_lesson_note , get_lesson_n...

4.3CVSS6.2AI score0.00255EPSS
Exploits0References6
Rows per page
Query Builder