Lucene search
K

21947 matches found

CVE
CVE
added 2026/03/31 11:18 a.m.14 views

CVE-2026-3139

The CVE-2026-3139 vulnerability affects the WordPress plugin “User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor” up to version 3.15.5. The issue is insecure direct object reference via wppb_save_avatar_value(), caused by missing validation on a user-contro...

4.3CVSS6AI score0.00171EPSS
Exploits0References2
NVD
NVD
added 2026/03/31 11:16 a.m.8 views

CVE-2026-4400

Insecure Direct Object Reference IDOR vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simply changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, coul...

7CVSS0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/31 10:12 a.m.21 views

CVE-2026-4400 Multiple vulnerabilities in 1millionbot Millie chatbot

Insecure Direct Object Reference IDOR vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simply changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, coul...

7CVSS0.00209EPSS
Exploits0References1
Circl
Circl
added 2026/03/31 5:17 a.m.3 views

GHSA-C4R5-FXQW-VH93

creationtimestamp| type| source ---|---|--- 2026-03-31 05:17:42+00:00| seen| Telegram/62pZ0M7EEU9QzqUpq3hJFXhFPR-ebrkyPJ1cBwC7xQpoTU0...

4.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/31 4:59 a.m.4 views

CVE-2026-3124

The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to complete arbitrary...

7.5CVSS6AI score0.00269EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/31 12:0 a.m.8 views

Botan C++ Crypto Algorithms Library 3.11.1

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS 10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...

5.9AI score0.00861EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.7 views

PT-2026-29224

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppb save avatar value function due to missing validation on a user controlled key...

4.3CVSS6AI score0.00171EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-29274

Content removed...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/30 10:52 p.m.3 views

CVE-2026-0562

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function in backend/routers/friends.py does not implement proper authorization checks, enabling Insecure Direct...

8.3CVSS7AI score0.00268EPSS
Exploits1References1
NVD
NVD
added 2026/03/30 6:16 p.m.13 views

CVE-2026-33030

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

9.9CVSS0.0028EPSS
Exploits1References1
OSV
OSV
added 2026/03/30 5:58 p.m.5 views

CVE-2026-33030 Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

8.8CVSS5.9AI score0.0028EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/03/30 4:23 p.m.5 views

kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies

A flaw was found in the kernel subsystem handling of the DRM scheduler. Under certain error conditions, the function drmschedjobadddependency consumes a fence reference and then later erroneously attempts to free it again double free. This may lead to memory corruption and, in some configurations...

7.1AI score0.00183EPSS
Exploits0References5
NVD
NVD
added 2026/03/30 4:16 p.m.5 views

CVE-2026-5123

A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data1 can lead to off-by-one. The attack may be launched remotely. Attacks of this nature are highly complex. The...

6.3CVSS0.00409EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/03/30 3:45 p.m.5 views

kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies

A flaw was found in the kernel subsystem handling of the DRM scheduler. Under certain error conditions, the function drmschedjobadddependency consumes a fence reference and then later erroneously attempts to free it again double free. This may lead to memory corruption and, in some configurations...

5.8AI score0.00183EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/03/30 3:45 p.m.10 views

kernel: can: j1939: j1939_session_new(): fix skb reference counting

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939sessionnew: fix skb reference counting Since j1939sessionskbqueue does an extra skbget for each new skb, do the same for the initial one in j1939sessionnew to avoid refcount underflow. mkl: clean up commit messag...

5.5CVSS5.7AI score0.00224EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/03/30 11:32 a.m.4 views

kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies

A flaw was found in the kernel subsystem handling of the DRM scheduler. Under certain error conditions, the function drmschedjobadddependency consumes a fence reference and then later erroneously attempts to free it again double free. This may lead to memory corruption and, in some configurations...

5.8AI score0.00183EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/03/30 7:44 a.m.4 views

WordPress Download Monitor plugin <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id' vulnerability

Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'orderid' vulnerability discovered by Hung Nguyen bashu - VN in WordPress Plugin Download Monitor versions = 5.1.7...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2026/03/30 7:2 a.m.3 views

CVE-2026-30935

creationtimestamp| type| source ---|---|--- 2026-03-30 07:02:34+00:00| seen| https://infosec.exchange/users/certvde/statuses/116316841599408182...

4.4CVSS5.8AI score0.00105EPSS
Exploits0References1
Circl
Circl
added 2026/03/30 5:35 a.m.8 views

CVE-2026-5104

creationtimestamp| type| source ---|---|--- 2026-03-30 05:35:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miawwhwma224...

8.8CVSS6.3AI score0.02483EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/30 3:30 a.m.4 views

EUVD-2026-17052

The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to complete arbitrary...

7.5CVSS6AI score0.00269EPSS
Exploits0References3
Rows per page
Query Builder