CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/02/16 6:21 a.m.•9 views

CVE-2024-13692

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...

5.4CVSS9.2AI score0.00288EPSS

RedhatCVE•added 2025/02/15 1:19 p.m.•2 views

CVE-2025-1270

Insecure direct object reference IDOR vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the “pkrelated” parameter in the “/h6web/hadatoshermano.php” endpoint to refer to another user. In addition, the...

9.1CVSS6.4AI score0.00332EPSS

RedhatCVE•added 2025/02/14 6:29 a.m.•7 views

CVE-2024-13601

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key. This makes i...

4.3CVSS9.1AI score0.00308EPSS

NVD•added 2025/02/14 6:15 a.m.•21 views

CVE-2024-13692

5.4CVSS0.00288EPSS

Cvelist•added 2025/02/14 5:22 a.m.•25 views

CVE-2024-13692 Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference

5.4CVSS0.00288EPSS

Vulnrichment•added 2025/02/14 5:22 a.m.•10 views

CVE-2024-13692 Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference

5.4CVSS5.4AI score0.00288EPSS

CVE•added 2025/02/14 5:22 a.m.•53 views

CVE-2024-13692

The CVE-2024-13692 entry for Return Refund and Exchange For WooCommerce (woo-refund-and-exchange-lite) is confirmed as a real vulnerability. It is an Insecure Direct Object Reference (IDOR) in all versions up to 4.4.5 caused by missing validation on a user-controlled key. This flaw allows unauthe...

5.4CVSS5.4AI score0.00288EPSS

Exploits0References6Affected Software1

RedhatCVE•added 2025/02/14 4:36 a.m.•14 views

CVE-2024-33818

Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference IDOR via the userID parameter...

7.5CVSS7.3AI score0.00618EPSS

CNNVD•added 2025/02/14 12:0 a.m.•3 views

WordPress plugin Return Refund and Exchange For WooCommerce 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An authorization issue vulnerability exists...

5.4CVSS8.3AI score0.00288EPSS

Exploits0References7

Patchstack•added 2025/02/13 6:56 p.m.•4 views

WordPress Return Refund and Exchange For WooCommerce plugin <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference vulnerability discovered by Tim Coen in WordPress Plugin Return Refund and Exchange For WooCommerce versions = 4.4.5...

5.4CVSS7AI score0.00288EPSS

Exploits0References1Affected Software1

CVE•added 2025/02/13 12:48 p.m.•57 views

CVE-2025-1270

CVE-2025-1270 describes an IDOR vulnerability in Anapi Group’s h6web. An authenticated attacker can access other users’ information by sending a POST to /h6web/ha_datos_hermano.php and altering the pkrelated parameter to reference a different user, with the first request potentially enabling impe...

9.1CVSS6.5AI score0.00332EPSS

Exploits0References1Affected Software1

NCSC•added 2025/02/13 9:9 a.m.•4 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 14.1 to 17.8.2. The vulnerabilities include a denial-of-service vulnerability, an external service interaction vulnerability, a critical XSS vulnerability, improper authorization vulnerabilities, an insecure direct object...

8.8CVSS6.2AI score0.00473EPSS

Exploits4References1

CNNVD•added 2025/02/13 12:0 a.m.•1 views

Anapi h6web 安全漏洞

Anapi h6web is a management software from Anapi. A security vulnerability exists in Anapi h6web that stems from the presence of an insecure direct object reference vulnerability that could lead to an attacker obtaining information about other users...

9.1CVSS6.4AI score0.00332EPSS

Positive Technologies•added 2025/02/13 12:0 a.m.•2 views

PT-2025-6871

Name of the Vulnerable Software and Affected Versions: h6web affected versions not specified Description: The issue is related to an insecure direct object reference IDOR vulnerability. It allows an authenticated attacker to access other users' information by making a POST request and modifying t...

9.1CVSS5.9AI score0.00332EPSS

OSV•added 2025/02/12 3:15 p.m.•3 views

UBUNTU-CVE-2025-1042

7.5CVSS5.8AI score0.00406EPSS

Exploits0References4

Cvelist•added 2025/02/12 3:2 p.m.•7 views

CVE-2025-1042 Files or Directories Accessible to External Parties in GitLab

4.9CVSS0.00406EPSS

Exploits0References2

CVE•added 2025/02/12 3:2 p.m.•292 views

CVE-2025-1042

CVE-2025-1042 is an insecure direct object reference in GitLab EE that allowed viewing repositories without authorization in affected releases: 15.7 up to 17.6.5, 17.7 up to 17.7.4, and 17.8 up to 17.8.2. The vulnerability’s root cause is improper access control on repository data, with no exploi...

7.5CVSS4.8AI score0.00406EPSS

Exploits0References2Affected Software1

NVD•added 2025/02/12 6:15 a.m.•9 views

CVE-2024-13601

4.3CVSS0.00308EPSS

Vulnrichment•added 2025/02/12 5:28 a.m.•9 views

CVE-2024-13601 Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Authenticated (Subscriber+) Insecure Direct Object Reference

4.3CVSS4.4AI score0.00308EPSS