CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2025/08/22 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2025-1042

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2...

7.5CVSS5.5AI score0.00406EPSS

Vulnrichment•added 2025/08/21 5:34 p.m.•4 views

CVE-2025-7051 N-central Syslog Configuration Insecure Direct Object Reference

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2...

8.3CVSS7AI score0.00255EPSS

RedhatCVE•added 2025/08/20 1:35 p.m.•10 views

CVE-2025-4962

An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

7.7CVSS7.2AI score0.00217EPSS

Cvelist•added 2025/08/20 8:3 a.m.•9 views

CVE-2025-53208 WordPress Maya Business <= 1.2.0 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business paymaya-checkout-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maya Business: from n/a through = 1.2.0...

7.5CVSS0.0034EPSS

Redos•added 2025/08/19 12:0 a.m.•4 views

ROS-20250819-01

Moodle virtual learning environment vulnerability related to IDOR issue in Feedback report. Exploitation The vulnerability could allow an attacker acting remotely to gain unauthorized access to features that would otherwise be restricted. functions that would otherwise be limited to Vulnerability...

7.5CVSS6.9AI score0.00597EPSS

Exploits0

OSV•added 2025/08/18 3:30 p.m.•4 views

GHSA-V6XR-V2QG-H22H Liferay Portal Vulnerable to Insecure Direct Object Reference

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...

Github Security Blog•added 2025/08/18 3:30 p.m.•4 views

Exploits0References7

Liferay Portal Vulnerable to Insecure Direct Object Reference

Exploits0References7Affected Software1

NVD•added 2025/08/18 2:15 p.m.•8 views

CVE-2025-4962

7.7CVSS0.00217EPSS

OSV•added 2025/08/18 2:15 p.m.•4 views

CVE-2025-4962

7.7CVSS6.7AI score

NVD•added 2025/08/18 2:15 p.m.•5 views

CVE-2025-43732

4.8CVSS0.00231EPSS

Vulnrichment•added 2025/08/18 1:27 p.m.•6 views

CVE-2025-4962 IDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunary

7.7CVSS6.8AI score0.00217EPSS

CVE•added 2025/08/18 1:27 p.m.•19 views

CVE-2025-4962

CVE-2025-4962 describes an Insecure Direct Object Reference (IDOR) in Lunary API. The vulnerability exists in the endpoint POST /v1/templates and allows an authenticated user to create templates in another user’s project by manipulating the projectId query parameter. Root cause: missing server-si...

7.7CVSS7.3AI score0.00217EPSS

CVE•added 2025/08/18 1:20 p.m.•20 views

CVE-2025-43732

CVE-2025-43732 affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.10, 2024.Q4.0–Q4.7, 2024.Q3.1–Q3.13, 2024.Q2.1–Q2.13, 2024.Q1.1–Q1.17, and 7.4 GA through update 92. The vulnerability is an Insecure Direct Object Reference (IDOR) in the groupId parameter of the _com_liferay...

Exploits0References1Affected Software2

Cvelist•added 2025/08/18 1:20 p.m.•8 views

CVE-2025-43732

4.8CVSS0.00231EPSS

Vulnrichment•added 2025/08/18 1:20 p.m.•3 views

CVE-2025-43732

CNNVD•added 2025/08/18 12:0 a.m.•4 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

4.8CVSS6.7AI score0.00231EPSS

CNNVD•added 2025/08/18 12:0 a.m.•4 views

Lunary 访问控制错误漏洞

Lunary is a production toolkit for LLM from Lunary Open Source. An access control error vulnerability exists in Lunary version 0.8.8 and earlier, which stems from an insecure direct object reference that could lead to template creation overreach...

7.7CVSS6.7AI score0.00217EPSS

Exploits0References3

Positive Technologies•added 2025/08/18 12:0 a.m.•4 views

PT-2025-33651 · Liferay · Liferay Portal +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2025.Q1.0 through 2025.Q1.10 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.1 through...

4.8CVSS6.3AI score0.00231EPSS

Exploits0References10

Cvelist•added 2025/08/14 10:34 a.m.•10 views

CVE-2025-54691 WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motors: from n/a through = 1.4.80...

5.3CVSS0.00285EPSS