Lucene search
+L

417 matches found

EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45239

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the Store API endpoint /store-api/handle-payment in src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php accepts a user-controlled orderId and forwards it to src/Core/Checkout/Payment/PaymentProcessor.php witho...

4.3CVSS5.3AI score0.00238EPSS
Exploits0References5
CVE
CVE
added 2 days ago35 views

CVE-2026-48016

Summary of findings (CVE-2026-48016) : The vulnerability in Shopware Store API allows an external Store API user, including guests, to trigger payments for another user’s order by supplying a foreign orderId to the endpoint /store-api/handle-payment. The root cause is that payment initiation/proc...

4.3CVSS5.3AI score0.00238EPSS
Exploits0References5
OSV
OSV
added 2 days ago5 views

CVE-2026-63307 Chat2DB < 5.3.0 Insecure Direct Object Reference via GET /api/connection/datasource

Chat2DB before 5.3.0 contains an insecure direct object reference vulnerability in the GET /api/connection/datasource/id endpoint. The handler calls dataSourceService.queryExistentid, ... without an ownership check and returns the decrypted password field, allowing any authenticated non-admin use...

7.1CVSS5.4AI score0.00231EPSS
Exploits0References6
CVE
CVE
added 2 days ago14 views

CVE-2026-63307

CVE-2026-63307 affects Chat2DB prior to 5.3.0. The vulnerability is an insecure direct object reference in GET /api/connection/datasource/{id}. The handler calls dataSourceService.queryExistent(id, …) without an ownership check and returns the decrypted password field, enabling any authenticated ...

7.1CVSS5.4AI score0.00231EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-12393

The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders...

5.3AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-58660 Kanboard BoardAjaxController Missing Ownership Check via Drag-and-Drop

Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...

8.1CVSS0.00355EPSS
Exploits0References4
CVE
CVE
added 4 days ago5 views

CVE-2026-58660

Kanboard

8.1CVSS6.1AI score0.00355EPSS
Exploits0References4
OSV
OSV
added 4 days ago4 views

CVE-2026-58660 Kanboard BoardAjaxController Missing Ownership Check via Drag-and-Drop

Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...

7.2CVSS6.1AI score0.00355EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-12988

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

6.4CVSS6.1AI score0.00169EPSS
Exploits0References1
NVD
NVD
added 6 days ago5 views

CVE-2026-12271

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago3 views

CVE-2026-12271

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

6.1AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 8:44 p.m.8 views

CVE-2026-55881

OpenReplay (self-hosted session replay) versions affected: 1.22.0 – 1.27.0. The vulnerability arises in getFirstMob where 15-second presigned S3 download URLs for a session’s DOM-replay recording were generated based only on the session path, while validateProjectAccess only checked tenant owners...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/10 8:44 p.m.33 views

CVE-2026-55881 OpenReplay: Cross-tenant session replay disclosure via missing session ownership check in first-mob endpoint

OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session path parameter, while validateProjectAccess checked only that the project belonged to the...

7.1CVSS0.00246EPSS
Exploits0References4
OSV
OSV
added 2026/07/10 8:44 p.m.3 views

CVE-2026-55881 OpenReplay: Cross-tenant session replay disclosure via missing session ownership check in first-mob endpoint

OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session path parameter, while validateProjectAccess checked only that the project belonged to the...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References6
CVE
CVE
added 2026/07/10 8:42 p.m.9 views

CVE-2026-55880

OpenReplay CVE-2026-55880 affects OpenReplay self-hosted session replay (versions 1.27.0 and earlier). The root cause is that three mutation operations—notes.delete, dashboards.update_widget, and dashboards.remove_widget—executed SQL without the ownership predicate used by their read/edit sibling...

7.1CVSS6.1AI score0.00195EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 6:24 p.m.9 views

CVE-2026-61460

Krayin CRM up to version 2.2.3 is affected by an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController. The root cause is missing record-level ownership validation in edit, update, and destroy methods, e...

8.8CVSS6.1AI score0.0028EPSS
Exploits0References3
NVD
NVD
added 2026/07/10 3:16 p.m.7 views

CVE-2026-56765

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...

9.8CVSS0.00351EPSS
Exploits0References2
NVD
NVD
added 2026/07/09 10:16 a.m.9 views

CVE-2026-12433

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS0.00435EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/09 9:31 a.m.8 views

EUVD-2026-42567

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS6AI score0.00297EPSS
Exploits0References10
CVE
CVE
added 2026/07/07 10:18 p.m.14 views

CVE-2026-59704

Cap’s GET /api/video/ai endpoint lacks proper ownership/membership validation, exposing private video AI metadata (titles, summaries, chapters) and enabling authenticated attackers to solicit arbitrary video IDs to read sensitive content. This may also trigger unauthorized AI generation that depl...

7.1CVSS6AI score0.00216EPSS
Exploits0References5
Rows per page
Query Builder