Lucene search
K

21946 matches found

CVE
CVE
added 2026/04/01 1:40 a.m.12 views

CVE-2026-4947

Foxit eSign was affected by an insecure direct object reference (IDOR) in the signing invitation acceptance flow. The root cause was insufficient authorization validation on referenced resources during request processing, potentially allowing an attacker to access or modify unauthorized resources...

7.1CVSS5.9AI score0.00174EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/01 1:40 a.m.2 views

CVE-2026-4947

Addressed a potential insecure direct object reference IDOR vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially...

7.1CVSS5.9AI score0.00174EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/01 1:40 a.m.29 views

CVE-2026-4947 Insecure Direct Object Reference (IDOR) Leading to Signature Forgery in Foxit eSign

Addressed a potential insecure direct object reference IDOR vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially...

7.1CVSS0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 1:40 a.m.3 views

CVE-2026-4947 Insecure Direct Object Reference (IDOR) Leading to Signature Forgery in Foxit eSign

Addressed a potential insecure direct object reference IDOR vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially...

7.1CVSS5.9AI score0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 1:6 a.m.2 views

CVE-2026-4374

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service allows Serialized Data External Linking, Data Serializat...

8.8CVSS5.9AI score0.00235EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.3 views

PT-2026-29443

Addressed a potential insecure direct object reference IDOR vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially...

7.1CVSS5.9AI score0.00174EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/03/31 11:58 p.m.4 views

WordPress User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field vulnerability

WordPress User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.15.5 - Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Post Author Reassignment via Avatar Field vulnerability discovered by type5afe in WordPress Plugin Profile...

4.3CVSS5.9AI score0.00171EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/31 10:58 p.m.2 views

CVE-2026-33030

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

9.9CVSS5.9AI score0.0028EPSS
Exploits1References1
NVD
NVD
added 2026/03/31 10:16 p.m.2 views

CVE-2026-34406

APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, the edituser endpoint POST /api/auth/edituser/ allows Any user who can reach that endpoint and submit...

9.4CVSS0.00505EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/03/31 4:12 p.m.2 views

ajv: ReDoS via $data reference

A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS Regular Expression Denial of...

7.5CVSS6.3AI score0.00492EPSS
Exploits1References5
OSV
OSV
added 2026/03/31 3:30 p.m.1 views

ECHO-4B9F-FBF8-C429

Bulletin has no description...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 2:15 p.m.3 views

MINI-FM3P-874H-MCP5

Bulletin has no description...

2.8CVSS5.8AI score0.00153EPSS
Exploits0
OSV
OSV
added 2026/03/31 2:15 p.m.2 views

MINI-RMX5-26HX-5FH8

Bulletin has no description...

5CVSS5.8AI score0.00147EPSS
Exploits0
OSV
OSV
added 2026/03/31 2:15 p.m.2 views

MINI-GP5C-MVRH-JVFM

Bulletin has no description...

2.8CVSS5.8AI score0.00153EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/31 1:46 p.m.2 views

CVE-2026-34165 go-git: Maliciously crafted idx file can cause asymmetric memory consumption

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

5CVSS5.7AI score0.00147EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/31 12:31 p.m.7 views

EUVD-2026-17365

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppbsaveavatarvalue function due to missing validation on a user controlled key...

4.3CVSS6AI score0.00171EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/31 12:31 p.m.3 views

EUVD-2026-17359

Insecure Direct Object Reference IDOR vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simply changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, coul...

7CVSS6AI score0.00209EPSS
Exploits0References2
NVD
NVD
added 2026/03/31 12:16 p.m.5 views

CVE-2026-3139

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppbsaveavatarvalue function due to missing validation on a user controlled key...

4.3CVSS0.00171EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/31 11:18 a.m.29 views

CVE-2026-3139 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppbsaveavatarvalue function due to missing validation on a user controlled key...

4.3CVSS0.00171EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/31 11:18 a.m.1 views

CVE-2026-3139 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppbsaveavatarvalue function due to missing validation on a user controlled key...

4.3CVSS6AI score0.00171EPSS
Exploits0References2
Rows per page
Query Builder