CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4405 matches found

OSV•added 2024/09/17 3:31 p.m.•11 views

GHSA-Q25C-R482-77P9 powermail TYPO3 extension has Insecure Direct Object Reference

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...

6.9CVSS7.5AI score0.00536EPSS

Exploits0References8

Github Security Blog•added 2024/09/17 3:31 p.m.•17 views

powermail TYPO3 extension has Insecure Direct Object Reference

7.5CVSS6.9AI score0.00536EPSS

Exploits0References8Affected Software1

NVD•added 2024/09/17 2:15 p.m.•14 views

CVE-2024-47047

7.5CVSS0.00536EPSS

Exploits0References1

OSV•added 2024/09/17 2:15 p.m.•2 views

CVE-2024-47047

7.5CVSS5.8AI score0.00536EPSS

Exploits0References1

CVE•added 2024/09/17 12:0 a.m.•56 views

CVE-2024-47047

CVE-2024-47047 concerns the powermail TYPO3 extension (up to 12.4.0). The root cause is the failure to validate the mail parameter in the createAction, leading to an Insecure Direct Object Reference (IDOR). Consequence: an unauthenticated attacker can view user-submitted data from all forms persi...

7.5CVSS7.2AI score0.00536EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2024/09/17 12:0 a.m.•13 views

CVE-2024-47047

7AI score0.00536EPSS

Exploits0References1

OSV•added 2024/09/12 7:15 p.m.•3 views

CVE-2024-25270

An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference IDOR vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data...

4.3CVSS5.8AI score0.0021EPSS

Exploits0References1

CVE•added 2024/09/12 12:0 a.m.•64 views

CVE-2024-25270

Mirapolis LMS 4.6.XX contains an IDOR vulnerability that authenticated users can exploit by manipulating the ID parameter and incrementing the STEP parameter, potentially exposing sensitive user data. Root cause: insecure direct object reference in the affected endpoint. Affected product/version:...

4.3CVSS6.6AI score0.0021EPSS

Exploits0References1Affected Software1

OpenVAS•added 2024/09/12 12:0 a.m.•55 views

ownCloud < 10.15.0 Multiple Vulnerabilities

ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; ifdescription...

7.1AI score

Exploits1References5

CNNVD•added 2024/09/12 12:0 a.m.•2 views

Mirapolis LMS 安全漏洞

Mirapolis LMS is a modern distance learning management system from Mirapolis. A security vulnerability exists in Mirapolis LMS 4.6.XX that stems from an insecure direct object reference IDOR that allows an authenticated user to expose sensitive user data by manipulating the ID parameter and...

4.3CVSS6.5AI score0.0021EPSS

Exploits0References2

Positive Technologies•added 2024/09/12 12:0 a.m.•3 views

PT-2024-20853 · Unknown · Mirapolis Lms

Name of the Vulnerable Software and Affected Versions: Mirapolis LMS version 4.6.XX Description: An issue in Mirapolis LMS allows authenticated users to exploit an Insecure Direct Object Reference IDOR vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the...

4.3CVSS6.6AI score0.0021EPSS

Exploits0References7

OSV•added 2024/09/11 2:15 p.m.•1 views

CVE-2024-27113

An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...

9.8CVSS5.7AI score0.00165EPSS

Exploits0References1

Vulnrichment•added 2024/09/11 1:41 p.m.•26 views

CVE-2024-27113 Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02

9.3CVSS7AI score0.00165EPSS

Exploits0References1

Cvelist•added 2024/09/11 1:41 p.m.•17 views

CVE-2024-27113 Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02

9.3CVSS0.00165EPSS

Exploits0References1

OwnCloud•added 2024/09/09 12:0 a.m.•32 views

Insecure Direct Object Reference in external storage - ownCloud

Insecure Direct Object Reference in external storage configuration may allow an authenticated attacker to change configuration of external storage of another user as well as gain access to credentials...

8.8CVSS6.8AI score

Exploits1Affected Software1

OSV•added 2024/09/06 2:15 p.m.•3 views

CVE-2024-8428

The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...

8.8CVSS5.8AI score0.002EPSS

Exploits0References2

NVD•added 2024/09/06 2:15 p.m.•9 views

CVE-2024-8428

8.8CVSS0.002EPSS

Exploits0References3

CVE•added 2024/09/06 1:55 p.m.•46 views

CVE-2024-8428

Summary (CVE-2024-8428) : The ForumWP – Forum & Discussion Board Plugin for WordPress (

8.8CVSS8.7AI score0.002EPSS

Exploits0References3Affected Software1

Cvelist•added 2024/09/06 1:55 p.m.•15 views

CVE-2024-8428 ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover

8.8CVSS0.002EPSS

Exploits0References3

Vulnrichment•added 2024/09/06 1:55 p.m.•13 views

CVE-2024-8428 ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover

8.8CVSS7AI score0.002EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by