21929 matches found

Patchstack
added 2026/04/07 3:48 a.m., 6 views

WordPress Amelia plugin <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter vulnerability

Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Amelia versions <= 2.1.3...

CVSS 8.8 | AI score 5.9 | EPSS 0.00632
Exploits: 1 | References: 1 | Affected Software: 1
Tenable Nessus
added 2026/04/07 12:00 a.m., 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-006569)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006569 advisory. In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap fail. When perf_mmap fails to allocate a buffer, it still invokes...

CVSS 7.8 | AI score 6.6 | EPSS 0.00168
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/07 12:00 a.m., 10 views

PT-2026-30799

Name of the Vulnerable Software and Affected Versions: Amelia plugin for WordPress versions up to and including 2.1.3. Description: The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is susceptible to Insecure Direct Object Reference. The UpdateProviderCommandHandler does...

CVSS 8.8 | AI score 5.7 | EPSS 0.00632
Exploits: 1 | References: 10
Redos
added 2026/04/07 12:00 a.m., 4 views

ROS-20260407-73-0004

A vulnerability in the old_deviceless function of the net/bridge/br_ioctl.c module of the Linux operating system kernel network functions implementation is related to errors in updating the reference count. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.3 | EPSS 0.00168
Exploits: 0
Redos
added 2026/04/07 12:00 a.m., 4 views

ROS-20260407-73-0022

A vulnerability in the netfilter component of the Linux operating system kernel is related to errors in updating the reference counter. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial-of-service condition...

CVSS 5.5 | AI score 6.1 | EPSS 0.0016
Exploits: 0
SUSE CVE
added 2026/04/06 11:25 p.m., 5 views

SUSE CVE-2026-31408

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame due to missing sock_hold. sco_recv_frame reads conn->sk under sco_conn_lock but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...

CVSS 7 | AI score 5.7 | EPSS 0.003
Exploits: 0 | References: 27
SUSE CVE
added 2026/04/06 11:24 p.m., 3 views

SUSE CVE-2026-33030

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

CVSS 9.9 | AI score 5.8 | EPSS 0.0028
Exploits: 1 | References: 3
Circl
added 2026/04/06 10:36 p.m., 6 views

CVE-2026-35413

creation_timestamp | type | source
---|---|---
2026-04-06 22:36:18+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miud7skcjm2i...

CVSS 5.3 | AI score 5.9 | EPSS 0.00314
Exploits: 0 | References: 1
EUVD
added 2026/04/06 9:31 p.m., 6 views

EUVD-2025-209235

N/A...

AI score 5.9 | EPSS 0.00096
Exploits: 0 | References: 3
Cvelist
added 2026/04/06 7:11 p.m., 16 views

CVE-2026-35183 Brave CMS has an Insecure Direct Object Reference in Article Image Deletion

Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...

CVSS 7.1 | EPSS 0.00201
Exploits: 1 | References: 1
Vulnrichment
added 2026/04/06 7:11 p.m., 1 view

CVE-2026-35183 Brave CMS has an Insecure Direct Object Reference in Article Image Deletion

Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...

CVSS 7.1 | AI score 5.9 | EPSS 0.00201
Exploits: 1 | References: 1
ATTACKERKB
added 2026/04/06 7:11 p.m., 5 views

CVE-2026-35183

Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...

CVSS 7.1 | AI score 5.9 | EPSS 0.00201
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2026/04/06 7:11 p.m., 10 views

EUVD-2026-19460

Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...

CVSS 7.1 | AI score 5.9 | EPSS 0.00201
Exploits: 1 | References: 1
CVE
added 2026/04/06 7:11 p.m., 10 views

CVE-2026-35183

CVE-2026-35183 : Brave CMS (open-source) has an IDOR in the article image deletion feature. The vulnerability is in deleteImage (app/Http/Controllers/Dashboard/ArticleController.php) where the endpoint accepts a filename from the URL without verifying ownership. This allows an authenticated user ...

CVSS 7.1 | AI score 5.9 | EPSS 0.00201
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2026/04/06 6:20 p.m., 54 views

CVE-2025-48651

Summary: CVE-2025-48651 pertains to StrongBox in Android. In KMKeymasterApplet.java’s importWrappedKey, insufficient input validation could allow access to restricted keys, enabling local information disclosure without extra privileges or user interaction. The issue is classed as a local vulnerab...

CVSS 5.5 | AI score 6 | EPSS 0.00096
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/04/06 6:16 p.m., 3 views

CVE-2026-35173

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions (Edit Post, Edit Draft, Edit Own Post, Edit Own Draft) to modify posts they do not own and do not have...

CVSS 6.5 | EPSS 0.00174
Exploits: 0 | References: 1
EUVD
added 2026/04/06 5:48 p.m., 7 views

EUVD-2026-19420

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions (Edit Post, Edit Draft, Edit Own Post, Edit Own Draft) to modify posts they do not own and do not have...

CVSS 6.5 | AI score 5.9 | EPSS 0.00174
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/06 5:48 p.m., 1 view

CVE-2026-35173 Chyrp Lite has an IDOR via Mass Assignment in Post Model

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions (Edit Post, Edit Draft, Edit Own Post, Edit Own Draft) to modify posts they do not own and do not have...

CVSS 6.5 | AI score 5.9 | EPSS 0.00174
Exploits: 0 | References: 1
Cvelist
added 2026/04/06 4:15 p.m., 19 views

CVE-2026-5668 Cyber-III Student-Management-System add%20notice.php cross site scripting

A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipulation of the argument $_SERVER['PHP_SELF'] causes cross site scripting. It is possible to initiate th...

CVSS 4.8 | EPSS 0.00206
Exploits: 0 | References: 5
Cvelist
added 2026/04/06 3:49 p.m., 29 views

CVE-2026-34940 KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods

KubeAI is an AI inference operator for Kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash ...

CVSS 8.7 | EPSS 0.00448
Exploits: 3 | References: 1