4405 matches found

ATTACKERKB
added 2023/05/20 4:15 a.m. · 2 views

CVE-2023-2276

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

CVSS 9.8 · AI score 7.2 · EPSS 0.00805
Exploits: 0 · References: 5

NVD
added 2023/05/16 9:15 a.m. · 9 views

CVE-2023-2548

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

CVSS 7.2 · AI score 6.4 · EPSS 0.0054
Exploits: 0 · References: 2

Hacker One
added 2023/05/02 3:56 a.m. · 134 views

HackerOne: Insecure Direct Object Reference (IDOR) - Delete Campaigns

An insecure direct object reference (IDOR) vulnerability was discovered on a website, which allowed an attacker to delete any campaign based on the campaign ID. By modifying the campaign ID parameter in the request, an attacker could delete campaigns on any program. This vulnerability could have...

AI score 6.9
Exploits: 0

Veeam
added 2023/04/25 12:0 a.m. · 21 views

Backup of Microsoft Teams Fails With: Object reference not set to an instance of an object

Challenge: Backup of Microsoft Teams in Veeam Backup for Microsoft 365 fails with the following error: "Error: Object reference not set to an instance of an object." Cause: This issue is related to recent changes in the response syntax of the Microsoft Graph API to a specific request that Veeam...

AI score 6.9
Exploits: 0 · Affected Software: 1

NVD
added 2023/04/15 11:15 p.m. · 16 views

CVE-2018-17455

An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals"...

CVSS 7.5 · AI score 7.1 · EPSS 0.0016
Exploits: 0 · References: 2

OSV
added 2023/04/15 11:15 p.m. · 24 views

CVE-2018-17455

An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals"...

CVSS 7.5 · AI score 7.3
Exploits: 0 · References: 2

NVD
added 2023/04/15 11:15 p.m. · 29 views

CVE-2018-17449

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...

CVSS 7.5 · AI score 7.2 · EPSS 0.00154
Exploits: 0 · References: 2

UbuntuCve
added 2023/04/15 11:15 p.m. · 17 views

CVE-2018-17455

An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals"...

CVSS 7.5 · AI score 7.1 · EPSS 0.0016
Exploits: 0 · References: 2

Prion
added 2023/04/15 11:15 p.m. · 18 views

Information disclosure

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...

CVSS 5 · AI score 7.3 · EPSS 0.00154
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2023/04/15 11:15 p.m. · 20 views

Design/Logic Flaw

An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals"...

CVSS 5 · AI score 7.2 · EPSS 0.0016
Exploits: 0 · References: 2 · Affected Software: 1

UbuntuCve
added 2023/04/15 11:15 p.m. · 22 views

CVE-2018-17449

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...

CVSS 7.5 · AI score 7.1 · EPSS 0.00154
Exploits: 0 · References: 2

CNNVD
added 2023/04/15 12:0 a.m. · 1 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab, which stems from an insecure direct...

CVSS 7.5 · AI score 7.3 · EPSS 0.00154
Exploits: 0 · References: 3

Vulnrichment
added 2023/04/15 12:0 a.m. · 6 views

CVE-2018-17449

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...

AI score 6.5 · EPSS 0.00154
Exploits: 0 · References: 2

AlpineLinux
added 2023/04/14 2:15 p.m. · 30 views

CVE-2022-45175

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE/c/N/C/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a...

CVSS 6.5 · AI score 6.7 · EPSS 0.00669
Exploits: 1 · References: 1

OSV
added 2023/04/14 2:15 p.m. · 2 views

CVE-2022-45175

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE/c/N/C/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a...

CVSS 6.5 · AI score 5.8 · EPSS 0.00669
Exploits: 1 · References: 1

Prion
added 2023/04/14 2:15 p.m. · 16 views

Design/Logic Flaw

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE/c/N/C/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a...

CVSS 4 · AI score 6.4 · EPSS 0.00669
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/04/14 12:0 a.m. · 6 views

CVE-2022-45175

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE/c/N/C/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a...

AI score 6.9 · EPSS 0.00669
Exploits: 1 · References: 1

CNNVD
added 2023/04/14 12:0 a.m. · 3 views

LIVEBOX Collaboration vDesk Security Vulnerability

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from an insecure direct object reference that may occur in 5.6.5-3/doc/ID-FILE/c/N/C/websocket...

CVSS 6.5 · AI score 6.4 · EPSS 0.00669
Exploits: 1 · References: 2

Cvelist
added 2023/04/14 12:0 a.m. · 15 views

CVE-2022-45175

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE/c/N/C/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a...

AI score 6.7 · EPSS 0.00669
Exploits: 1 · References: 1

Positive Technologies
added 2023/04/14 12:0 a.m. · 3 views

PT-2023-14630 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue allows an Insecure Direct Object Reference to occur under the "5.6.5-3/doc/ID-FILE/c/N/C/websocket" endpoint. A malicious unauthenticated user can access cached files in...

CVSS 6.5 · AI score 6.4 · EPSS 0.00669
Exploits: 1 · References: 3