Lucene search
K

21929 matches found

Circl
Circl
added 2026/04/08 9:53 p.m.3 views

CVE-2026-35169

creationtimestamp| type| source ---|---|--- 2026-04-08 21:53:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mizbr4qwcu2i 2026-04-09 01:26:43+00:00| published-proof-of-concept| Telegram/LyxiOFuM6k6JRrVhGkcWrU8R1Vj8dluNTy4xGDA54CBUTMw 2026-04-09 07:15:44+00:00| seen|...

8.7CVSS5.3AI score0.00157EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 5:4 p.m.33 views

CVE-2026-32589 Mirror-registry: quay: insecure direct object reference in blobupload

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to rea...

7.4CVSS0.00243EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/04/08 5:4 p.m.4 views

CVE-2026-32589 Mirror-registry: quay: insecure direct object reference in blobupload

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to rea...

7.4CVSS5.8AI score0.00243EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/04/08 3:45 p.m.10 views

kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM subsystem. An authenticated local attacker could exploit a Use-After-Free UAF vulnerability in the /proc/net/atm/lec handling. This flaw occurs due to improper devput calls without prior devhold calls, leading to an imbalance i...

7.8CVSS5.9AI score0.0017EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/08 3:31 p.m.6 views

EUVD-2026-20472

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

5.3CVSS5.9AI score0.00179EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 3:31 p.m.5 views

EUVD-2026-20469

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from msg-vcc and uses it directly without any validation. This...

5.8AI score0.00125EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/08 1:6 p.m.20 views

CVE-2026-31411 net: atm: fix crash due to unvalidated vcc pointer in sigd_send()

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from msg-vcc and uses it directly without any validation. This...

0.00125EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/08 12:59 p.m.2 views

CVE-2026-35023 Wimi Teamwork On-Premises < 8.2.0 IDOR via preview.php

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

5.3CVSS5.9AI score0.00179EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 12:59 p.m.17 views

CVE-2026-35023 Wimi Teamwork On-Premises < 8.2.0 IDOR via preview.php

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

5.3CVSS0.00179EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/08 12:59 p.m.2 views

CVE-2026-35023

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

5.3CVSS5.9AI score0.00179EPSS
Exploits0References3
CVE
CVE
added 2026/04/08 12:59 p.m.22 views

CVE-2026-35023

CVE-2026-35023 concerns Wimi Teamwork On-Premises versions prior to 8.2.0. The issue is an insecure direct object reference (IDOR) in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumerate sequential item_id values to access and retrieve im...

5.3CVSS5.9AI score0.00179EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/08 9:31 a.m.4 views

EUVD-2026-20127

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

5.3CVSS5.9AI score0.00327EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/04/08 8:31 a.m.7 views

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2sid' Parameter vulnerability discovered by s00me00ne in WordPress Plugin Blog2Social versions = 8.8.3...

4.3CVSS5.9AI score0.00542EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.25 views

CVE-2026-39616 WordPress Download Attachments plugin <= 1.4.0 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through = 1.4.0...

5.3CVSS0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:30 a.m.15 views

CVE-2026-39526

WpStream WordPress plugin &lt; 4.11.2 contains an Insecure Direct Object References (IDOR) vulnerability leading to an Authorization Bypass via a user-controlled key. Root cause: misconfigured access control allowing unauthorized access to resources. Affected product/version: WPStream plugin for ...

5.4CVSS5.9AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 8:16 a.m.5 views

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

5.3CVSS0.00327EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/08 7:43 a.m.2 views

CVE-2026-4330 Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2sid' parameter belongs to...

4.3CVSS5.9AI score0.00542EPSS
Exploits0References16
CVE
CVE
added 2026/04/08 7:43 a.m.8 views

CVE-2026-4330

The affected software is the Blog2Social: Social Media Auto Post & Scheduler WordPress plugin. All versions up to 8.8.3 are affected by an authorization bypass in AJAX handlers: the plugin does not validate that the user-supplied b2s_id belongs to the current user before UPDATE/DELETE actions. Th...

4.3CVSS5.9AI score0.00542EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/04/08 7:43 a.m.21 views

CVE-2026-4330 Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2sid' parameter belongs to...

4.3CVSS0.00542EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/04/08 7:43 a.m.19 views

CVE-2026-4654 Awesome Support <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

5.3CVSS0.00327EPSS
Exploits0References6
Rows per page
Query Builder