21951 matches found

GithubExploit
added 2026/03/26 11:4 a.m. | 168 views

AppSec-Penetration-Testing-Lab

🔐 AppSec Penetration Testing Lab A hands-on application sec...

6.2 AI score
Exploits: 0
RedhatCVE
added 2026/03/26 9:1 a.m. | 5 views

CVE-2026-23350

A flaw was found in the Linux kernel. When an execution queue fails to initialize in the drm/xe/queue component, the system does not properly finalize it, leaving a damaged entry in a critical lookup list. This can lead to an invalid memory reference, potentially causing system instability or a...

5.9 AI score | 0.00129 EPSS
Exploits: 0 | References: 4
Microsoft CVE
added 2026/03/26 8:5 a.m. | 4 views

nfc: pn533: properly drop the usb interface reference on disconnect

...

5.5 CVSS | 5.8 AI score | 0.00123 EPSS
Exploits: 0
CVE
added 2026/03/26 3:37 a.m. | 16 views

CVE-2026-2931

The CVE-2026-2931 entry concerns the Amelia Booking plugin for WordPress (versions up to and including 9.1.2). The vulnerability is an Insecure Direct Object Reference that allows user-controlled access to objects, enabling authenticated users with customer-level permissions or higher to change...

8.8 CVSS | 5.8 AI score | 0.00382 EPSS
In wild | Exploits: 0 | References: 4
Cvelist
added 2026/03/26 3:37 a.m. | 29 views

CVE-2026-2931 Amelia Booking <= 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

8.8 CVSS | 0.00382 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/03/26 12:33 a.m. | 24 views

CVE-2026-33287 LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replace_first filter in LiquidJS uses JavaScript's String.prototype.replace, which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

7.5 CVSS | 0.00471 EPSS
Exploits: 1 | References: 2
NVD
added 2026/03/26 12:16 a.m. | 12 views

CVE-2026-33931

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5 CVSS | 0.00351 EPSS
Exploits: 1 | References: 3
EUVD
added 2026/03/25 11:49 p.m. | 6 views

EUVD-2026-16048

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in library/pnotes.inc.php perform updates and deletes using WHERE id = ? without verifying that the note belongs to a patient the...

8.1 CVSS | 5.9 AI score | 0.00274 EPSS
Exploits: 1 | References: 3
Cvelist
added 2026/03/25 11:49 p.m. | 30 views

CVE-2026-34055 OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in library/pnotes.inc.php perform updates and deletes using WHERE id = ? without verifying that the note belongs to a patient the...

8.1 CVSS | 0.00267 EPSS
Exploits: 0 | References: 3
CVE
added 2026/03/25 11:49 p.m. | 9 views

CVE-2026-34055

OpenEMR contains an IDOR in the web UI: legacy patient notes updates/deletes in library/pnotes.inc.php use WHERE id = ? without verifying the note belongs to the user’s accessible patient. Multiple web UI callers pass user-controlled note IDs, enabling unauthorized access/modification. Affects ve...

8.1 CVSS | 5.9 AI score | 0.00267 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/03/25 11:36 p.m. | 5 views

CVE-2026-33931 OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5 CVSS | 5.8 AI score | 0.00351 EPSS
Exploits: 1 | References: 3
ATTACKERKB
added 2026/03/25 11:36 p.m. | 3 views

CVE-2026-33931

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5 CVSS | 5.8 AI score | 0.00351 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2026/03/25 11:36 p.m. | 16 views

CVE-2026-33931

Vulnerability summary (CVE-2026-33931): OpenEMR prior to version 8.0.0.3 contains an insecure direct object reference (IDOR) in the patient portal payment page. By manipulating the recid parameter in portal/portal_payment.php, any authenticated portal patient could access other patients’ payment...

6.5 CVSS | 5.8 AI score | 0.00351 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2026/03/25 11:36 p.m. | 3 views

CVE-2026-33931 OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5 CVSS | 5.9 AI score | 0.00351 EPSS
Exploits: 1 | References: 5
NVD
added 2026/03/25 11:17 p.m. | 5 views

CVE-2026-32120

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (library/FeeSheet.class.php) allows any authenticated user with fee sheet ACL...

6.5 CVSS | 0.00254 EPSS
Exploits: 1 | References: 3
OSV
added 2026/03/25 10:27 p.m. | 3 views

CVE-2026-32120 OpenEMR has IDOR in Fee Sheet Product Save

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (library/FeeSheet.class.php) allows any authenticated user with fee sheet ACL...

6.5 CVSS | 6.1 AI score | 0.00254 EPSS
Exploits: 1 | References: 5
ATTACKERKB
added 2026/03/25 10:27 p.m. | 4 views

CVE-2026-32120

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (library/FeeSheet.class.php) allows any authenticated user with fee sheet ACL...

6.5 CVSS | 6 AI score | 0.00254 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
EUVD
added 2026/03/25 9:30 p.m. | 5 views

EUVD-2025-209022

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR)...

5.7 CVSS | 5.8 AI score | 0.00327 EPSS
Exploits: 0 | References: 2
OSV
added 2026/03/25 9:17 p.m. | 3 views

GHSA-JFMM-MJCP-8WQ2 Vikunja: IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion

Summary: TaskAttachment.ReadOne queries attachments by ID only (WHERE id = ?), ignoring the task ID from the URL path. The permission check in CanRead validates access to the task specified in the URL, but ReadOne loads a different attachment that may belong to a task in another project. This allows...

8.1 CVSS | 5.9 AI score | 0.00265 EPSS
Exploits: 1 | References: 4
CVE
added 2026/03/25 8:20 p.m. | 11 views

CVE-2025-14974

CVE-2025-14974 affects IBM InfoSphere Information Server 11.7.0.0–11.7.1.6 and is caused by insecure direct object reference (IDOR). Potential impact: unauthorized access to protected objects with high confidentiality impact as per sources. Affected versions and remediation are documented in IBM’...

7.5 CVSS | 5.8 AI score | 0.00327 EPSS
Exploits: 0 | References: 1 | Affected Software: 1