Lucene search
K

21947 matches found

NVD
NVD
added 2026/03/30 2:16 a.m.5 views

CVE-2026-3124

The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to complete arbitrary...

7.5CVSS0.00269EPSS
Exploits0References2
CVE
CVE
added 2026/03/30 1:24 a.m.13 views

CVE-2026-3124

The CVE-2026-3124 issue affects the WordPress Download Monitor plugin up to version 5.1.7. The root cause is Insecure Direct Object Reference via the executePayment() function due to missing validation on a user controlled key. This enables unauthenticated attackers to complete arbitrary pending ...

7.5CVSS6AI score0.00269EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/30 1:24 a.m.28 views

CVE-2026-3124 Download Monitor <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id'

The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to complete arbitrary...

7.5CVSS0.00269EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/30 1:24 a.m.1 views

CVE-2026-3124 Download Monitor <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id'

The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to complete arbitrary...

7.5CVSS6AI score0.00269EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/30 1:24 a.m.3 views

CVE-2026-3124

The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to complete arbitrary...

7.5CVSS6AI score0.00269EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2026/03/30 12:0 a.m.7 views

SUSE: Security Advisory (SUSE-SU-2026:1091-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS5.9AI score0.00235EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.7 views

PT-2026-28427

Name of the Vulnerable Software and Affected Versions Download Monitor plugin for WordPress versions prior to 5.1.8 Description The software contains an Insecure Direct Object Reference issue in the executePayment function. Missing validation on a user-controlled key allows unauthenticated...

7.5CVSS6AI score0.00269EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2026/03/30 12:0 a.m.9 views

kernel security update

4.18.0-553.115.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

7.8CVSS6.8AI score0.00253EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.6 views

Nginx UI 安全漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI 2.3.3 and earlier have security vulnerabilities. These vulnerabilities stem from insecure direct object references, allowing any authenticated user to access, modify, and delete resources of other users...

9.9CVSS5.8AI score0.0028EPSS
Exploits1References2
NVD
NVD
added 2026/03/29 6:16 p.m.3 views

CVE-2026-0562

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function in backend/routers/friends.py does not implement proper authorization checks, enabling Insecure Direct...

8.3CVSS0.00268EPSS
Exploits1References3
OSV
OSV
added 2026/03/29 6:16 p.m.4 views

PYSEC-2026-204

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function in backend/routers/friends.py does not implement proper authorization checks, enabling Insecure Direct...

8.3CVSS7.3AI score0.00268EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/29 5:49 p.m.25 views

CVE-2026-0562 Insecure Direct Object Reference (IDOR) in parisneo/lollms

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function in backend/routers/friends.py does not implement proper authorization checks, enabling Insecure Direct...

8.3CVSS0.00268EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/29 5:49 p.m.1 views

CVE-2026-0562 Insecure Direct Object Reference (IDOR) in parisneo/lollms

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function in backend/routers/friends.py does not implement proper authorization checks, enabling Insecure Direct...

8.3CVSS5.8AI score0.00268EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/29 5:49 p.m.3 views

CVE-2026-0562

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function in backend/routers/friends.py does not implement proper authorization checks, enabling Insecure Direct...

8.3CVSS5.8AI score0.00268EPSS
Exploits1References3
CVE
CVE
added 2026/03/29 5:49 p.m.16 views

CVE-2026-0562

CVE-2026-0562 affects parisneo/lollms up to version 2.2.0. The vulnerability is an IDOR in the respond_request() flow at /api/friends/requests/{friendship_id}, where the authenticated user is not checked for membership in the friendship or for being the intended recipient. As described in Red Hat...

8.3CVSS7AI score0.00268EPSS
Exploits1References3Affected Software1
Circl
Circl
added 2026/03/29 5:0 p.m.4 views

CVE-2026-23298

creationtimestamp| type| source ---|---|--- 2026-03-29 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0376/ 2026-05-05 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/debian-linux-kernel-multiple-vulnerabilities20260506 2026-05-31 20:00:00+00:00| seen|...

5.5CVSS4.2AI score0.00123EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/29 12:0 a.m.1 views

openSUSE 16 Security Update : nghttp2 (openSUSE-SU-2026:20413-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20413-1 advisory. This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845. Tenab...

7.5CVSS6AI score0.00775EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.5 views

CVE-2026-33730

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...

6.5CVSS5.9AI score0.00277EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/03/28 12:27 a.m.3 views

SUSE CVE-2026-30886

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference IDOR vulnerability in the video proxy endpoint GET /v1/videos/:taskid/content allows any authenticated user to access video...

6.5CVSS5.9AI score0.00274EPSS
Exploits1References3
Circl
Circl
added 2026/03/27 11:28 p.m.3 views

GHSA-3MFM-83XF-C92R

creationtimestamp| type| source ---|---|--- 2026-03-27 23:28:03+00:00| seen| Telegram/EI25wC4yN3TaatXDJQ6U03Lar3nhYMfqPNXio5Iaw2cNO8 2026-03-30 21:51:08+00:00| seen| https://gist.github.com/duard/9050043d2c682a90a7a5815d1d985bac...

5AI score
Exploits0References1
Rows per page
Query Builder