CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2024/04/16 12:0 a.m.•52 views

CVE-2023-50872

CVE-2023-50872 affects Accredible Credential.net API. The vulnerability is an Insecure Direct Object Reference that discloses partial information about certificates and their holders. According to the CVSS details, it is a NETWORK-based issue with low attack complexity, no privileges required, an...

7.5CVSS6.4AI score0.00284EPSS

Cvelist•added 2024/04/16 12:0 a.m.•14 views

CVE-2023-50872

The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security...

6.4AI score0.00284EPSS

Positive Technologies•added 2024/04/16 12:0 a.m.•4 views

PT-2024-13985 · Accredible · Accredible Credential.Net

Name of the Vulnerable Software and Affected Versions: Accredible Credential.net affected versions not specified Description: The API in Accredible Credential.net allows an Insecure Direct Object Reference attack, which discloses partial information about certificates and their respective holders...

7.5CVSS6.8AI score0.00284EPSS

Exploits0References9

Vulnrichment•added 2024/04/16 12:0 a.m.•12 views

CVE-2023-50872

6.8AI score0.00284EPSS

CNNVD•added 2024/04/16 12:0 a.m.•2 views

Accredible 安全漏洞

Accredible is a world-leading digital credentialing platform from Accredible, Inc. that provides digital badges and digital certificates. Accredible has a security vulnerability that stems from allowing an insecure direct object reference attack that can lead to information disclosure...

7.5CVSS6.5AI score0.00284EPSS

Positive Technologies•added 2024/04/15 12:0 a.m.•2 views

PT-2024-18177 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 0.3.0 Description: An Insecure Direct Object Reference IDOR vulnerability exists in the project update endpoint, allowing authenticated users to modify the name of any project within the system without proper...

9.1CVSS9AI score0.00103EPSS

Exploits1References8

CNNVD•added 2024/04/15 12:0 a.m.•1 views

Lunary 安全漏洞

lunary is a production toolkit for LLM. An insecure direct object reference vulnerability exists in lunary, which stems from an endpoint that does not validate that a supplied project ID belongs to a currently authenticated user, and can be exploited by an attacker to cause unauthorized...

9.1CVSS6.6AI score0.00103EPSS

Exploits1References4

OSV•added 2024/04/10 7:15 p.m.•2 views

UBUNTU-CVE-2021-47200

In the Linux kernel, the following vulnerability has been resolved: drm/prime: Fix use after free in mmap with drmgemttmmmap drmgemttmmmap drops a reference to the gem object on success. If the gem object's refcount == 1 on entry to drmgemprimemmap, that drop will free the gem object, and the...

7.8CVSS5.9AI score0.00015EPSS

Exploits0References5

Cvelist•added 2024/04/10 5:7 p.m.•13 views

CVE-2024-1625 IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t...

7.5CVSS7.6AI score0.00096EPSS

Vulnrichment•added 2024/04/10 5:7 p.m.•11 views

CVE-2024-1625 IDOR Vulnerability in lunary-ai/lunary

7.5CVSS6.7AI score0.00096EPSS

CNVD•added 2024/04/10 12:0 a.m.•4 views

GNU Savane Insecure Direct Object Reference Vulnerability

GNU Savane is a collaborative software development management system for project management, code hosting and community collaboration. GNU Savane suffers from an insecure direct object reference vulnerability that arises from an application that does not properly implement access control mechanis...

7.5CVSS7.3AI score0.01091EPSS

Exploits1References1

OSV•added 2024/04/09 7:15 p.m.•2 views

CVE-2024-1289

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...

5.4CVSS5.8AI score0.00247EPSS

NVD•added 2024/04/09 7:15 p.m.•14 views

CVE-2024-1289

6.5CVSS6.1AI score0.00247EPSS

CVE•added 2024/04/09 6:58 p.m.•61 views

CVE-2024-1289

CVE-2024-1289 affects LearnPress – WordPress LMS Plugin. All versions up to 4.2.6.3 are vulnerable to Insecure Direct Object Reference (IDOR) due to missing validation on a user-controlled key when retrieving order data. Authenticated attackers can view orders placed by other users and guests, en...

6.5CVSS8.8AI score0.00247EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/04/09 6:58 p.m.•16 views

CVE-2024-1289 LearnPress <= 4.2.6.3 - Insecure Direct Object Reference

6.5CVSS6.2AI score0.00247EPSS

Vulnrichment•added 2024/04/09 6:58 p.m.•13 views

CVE-2024-1289 LearnPress <= 4.2.6.3 - Insecure Direct Object Reference

6.5CVSS7.2AI score0.00247EPSS

NVD•added 2024/04/08 9:15 p.m.•8 views

CVE-2024-27630

Insecure Direct Object Reference IDOR in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackersdatadeletefile function...

7.5CVSS6.7AI score0.01091EPSS