Lucene search
K

21949 matches found

OSV
OSV
added 2026/03/27 7:10 a.m.6 views

BIT-DISCOURSE-2026-32114 Discourse's unscoped status lookups leak restricted metadata

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their identifiers. Th...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.5 views

CVE-2026-33931

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5CVSS5.8AI score0.00351EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 1:16 a.m.3 views

CVE-2026-33730

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...

6.5CVSS0.00277EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:30 a.m.2 views

CVE-2026-33730

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...

6.5CVSS5.8AI score0.00277EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/27 12:30 a.m.25 views

CVE-2026-33730 Open Source Point of Sale has an IDOR in Password Change (Home)

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...

6.5CVSS0.00277EPSS
Exploits1References2
Redos
Redos
added 2026/03/27 12:0 a.m.6 views

ROS-20260327-73-0017

Vulnerability in golang related to the use of a name with an invalid reference. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

2.5CVSS5.9AI score0.00201EPSS
Exploits0
OSV
OSV
added 2026/03/26 11:54 p.m.3 views

CVE-2026-29071 Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via /api/v1/retrieval/query/collection. Version 0.8.6 patches the issue...

3.1CVSS5.9AI score0.00253EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/26 11:54 p.m.26 views

CVE-2026-29071 Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via /api/v1/retrieval/query/collection. Version 0.8.6 patches the issue...

3.1CVSS0.00253EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.5 views

CVE-2025-14974

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 9:31 p.m.7 views

EUVD-2026-16326

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

5.9CVSS5.9AI score0.58204EPSS
Exploits9References3
Snyk
Snyk
added 2026/03/26 8:33 p.m.1 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via disclosure of the link share hash combined with an insecure direct object reference in attachment handling. An attacker can access sensitive data across the entire instance by chainin...

9.3CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2026/03/26 8:33 p.m.3 views

GO-2026-4853 Vikjuna: IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion in code.vikunja.io/api

Vikjuna: IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...

8.1CVSS5.9AI score0.00265EPSS
Exploits1References3
OSV
OSV
added 2026/03/26 8:33 p.m.10 views

GO-2026-4814 New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api...

6.5CVSS5.8AI score0.00274EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/26 8:33 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the mTLS or WireGuard transports. An attacker can cause the process to consume excessive memory and potentially crash by sending specially crafted authenticated requests that...

7.1CVSS6.4AI score0.00298EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/26 6:56 p.m.2 views

Replay Attack

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Replay Attack due to improper derivation of the replay key in the webhook-security.ts process. An attacker can bypass replay protection and submit multiple authenticated requests by...

8.3CVSS5.9AI score0.00283EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 6:19 p.m.3 views

CGA-MQXF-8852-RQ46

Bulletin has no description...

5.5CVSS5.8AI score0.00117EPSS
Exploits0
NVD
NVD
added 2026/03/26 6:16 p.m.5 views

CVE-2026-33487

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...

7.5CVSS0.00299EPSS
Exploits1References11
ATTACKERKB
ATTACKERKB
added 2026/03/26 5:17 p.m.9 views

CVE-2026-33487

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...

7.5CVSS5.9AI score0.00299EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.4 views

CVE-2025-20073

Improper buffer restrictions in the UEFI DXE module for some IntelR Reference Platforms within UEFI may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

1.8CVSS5.9AI score0.00095EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.3 views

CVE-2025-20096

Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access when...

5.9CVSS5.8AI score0.00137EPSS
Exploits0References1
Rows per page
Query Builder