CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4427 matches found

SUSE CVE•added 2025/11/14 12:23 a.m.•2 views

SUSE CVE-2025-40206

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftobjref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...

5.1CVSS6.5AI score0.00162EPSS

Exploits0References20

EUVD•added 2025/11/13 10:34 p.m.•4 views

EUVD-2025-150363

File Browser is Vulnerable to Insecure Direct Object Reference IDOR in Share Deletion Function...

7.2CVSS6.3AI score0.00376EPSS

Exploits1References3

OSV•added 2025/11/13 10:34 p.m.•2 views

GHSA-6CQF-CFHV-659G File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function

Summary It has been found an Insecure Direct Object Reference IDOR vulnerability in the FileBrowser application's share deletion functionality. This vulnerability allows any authenticated user with share permissions to delete other users' shared links without authorization checks. The impact is...

8.8CVSS6.5AI score0.00376EPSS

Exploits1References4

NVD•added 2025/11/13 6:15 p.m.•2 views

CVE-2025-64706

Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference IDOR vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...

7.5CVSS0.00204EPSS

Exploits1References1

Cvelist•added 2025/11/13 5:49 p.m.•14 views

CVE-2025-64706 Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure

5CVSS0.00204EPSS

Exploits1References1

EUVD•added 2025/11/13 5:49 p.m.•3 views

EUVD-2025-175346

5CVSS6.3AI score0.00204EPSS

Exploits1References1

EUVD•added 2025/11/13 3:30 p.m.•5 views

EUVD-2025-169288

Insecure Direct Object Reference IDOR vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in...

5.3CVSS6.2AI score0.00215EPSS

Exploits0References2

NVD•added 2025/11/13 2:15 p.m.•4 views

CVE-2025-41069

5.3CVSS0.00215EPSS

Exploits0References1

RedhatCVE•added 2025/11/13 5:7 a.m.•12 views

CVE-2025-12087

The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the 'awwlmremoveaddedwishlistpage' AJAX action due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.6AI score0.00164EPSS

Exploits0References1

RedhatCVE•added 2025/11/13 5:7 a.m.•6 views

CVE-2025-12833

The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...

4.3CVSS5.6AI score0.00198EPSS

Exploits0References1

NVD•added 2025/11/13 4:15 a.m.•5 views

CVE-2025-12366

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.5 via the pagelayerreplacepage function due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS0.00208EPSS

Exploits0References3

CVE•added 2025/11/13 3:27 a.m.•8 views

CVE-2025-12366

CVE-2025-12366: The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress has an Insecure Direct Object Reference in versions up to 2.0.5, caused by missing validation in pagelayer_replace_page. This authenticated vulnerability affects users with Author-level access and abo...

4.3CVSS5.1AI score0.00208EPSS

Exploits0References3

Cvelist•added 2025/11/13 3:27 a.m.•6 views

CVE-2025-12366 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference

4.3CVSS0.00208EPSS

Exploits0References3

EUVD•added 2025/11/13 3:27 a.m.•3 views

EUVD-2025-150410

4.3CVSS5AI score0.00208EPSS

Exploits0References4

Vulnrichment•added 2025/11/13 3:27 a.m.•3 views

CVE-2025-12366 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference

4.3CVSS5.1AI score0.00208EPSS

Exploits0References3

EUVD•added 2025/11/13 12:30 a.m.•2 views

EUVD-2025-150368

5.8AI score0.00162EPSS

Exploits0References5

Positive Technologies•added 2025/11/13 12:0 a.m.•4 views

PT-2025-46778

Name of the Vulnerable Software and Affected Versions Page Builder: Pagelayer versions up to and including 2.0.5 Description The Page Builder: Pagelayer WordPress plugin has an Insecure Direct Object Reference issue. This is due to a lack of validation on a user-controlled key within the pagelaye...

4.3CVSS6.2AI score0.00208EPSS

Exploits0References6

CNNVD•added 2025/11/13 12:0 a.m.•2 views

T-INNOVA Deporsite 安全漏洞

T-INNOVA Deporsite is an application from T-INNOVA, Inc. A security vulnerability exists in T-INNOVA Deporsite that stems from an insecure direct object reference that could lead to unauthorized resource access or modification...

5.3CVSS6.7AI score0.00215EPSS

Exploits0References1

Positive Technologies•added 2025/11/13 12:0 a.m.•5 views

PT-2025-46828

5.3CVSS6.8AI score0.00215EPSS

Exploits0References2

OSV•added 2025/11/12 10:15 p.m.•1 views

DEBIAN-CVE-2025-40206

5.2AI score0.00162EPSS

Exploits0References1

Rows per page