Lucene search
+L

168 matches found

EUVD
EUVD
added 2025/12/31 2:59 p.m.5 views

EUVD-2025-205943

Authorization Bypass Through User-Controlled Key vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.9.9.4...

5.3CVSS6.4AI score0.00203EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/31 11:5 a.m.5 views

CVE-2025-68979

Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...

5.3CVSS7AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.6 views

WordPress plugin Order Cancellation & Returns for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.5AI score0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/30 10:47 a.m.3 views

CVE-2025-69029 WordPress Struktur theme <= 2.5.1 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Struktur: from n/a through = 2.5.1...

5.4CVSS6.6AI score0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.4 views

WordPress plugin wpDiscuz 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS5.8AI score0.00304EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/29 9:16 p.m.3 views

CVE-2025-68502 WordPress JetPopup plugin <= 2.0.20.1 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through 2.0.20.1...

4.3CVSS6.6AI score0.00236EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/20 12:0 a.m.10 views

PT-2025-52550

Name of the Vulnerable Software and Affected Versions WP JobHunt plugin for WordPress versions prior to 7.8 Description The WP JobHunt plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This affects versions up to and including 7.7, stemming from a lack of validatio...

4.3CVSS6AI score0.00171EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.4 views

CVE-2025-10019

Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through = 1.3.60...

6.5CVSS7AI score0.00353EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.9 views

PT-2025-52265

Authorization Bypass Through User-Controlled Key vulnerability in RadiusTheme Radius Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Radius Blocks: from n/a through 2.2.1...

4.3CVSS7AI score0.00179EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.7 views

PT-2025-51473

Name of the Vulnerable Software and Affected Versions Menulux Software Inc. Mobile App versions prior to 9.5.8 Description An authorization bypass exists in the Menulux Software Inc. Mobile App due to a vulnerability related to user-controlled keys and the exploitation of trusted identifiers. Thi...

7.5CVSS5.5AI score0.00266EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.10 views

PT-2025-51455

Name of the Vulnerable Software and Affected Versions g5theme Essential Real Estate versions through 5.2.2 Description An authorization bypass exists due to incorrectly configured access control security levels. This allows for unauthorized access. The issue is present in g5theme Essential Real...

6.5CVSS6.5AI score0.00221EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/13 9:41 a.m.6 views

CVE-2025-58137

Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...

8.1CVSS6.9AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/12 9:21 a.m.33 views

CVE-2025-58137 Apache Fineract: IDOR via self-service API

Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...

0.00339EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.5 views

Apache Fineract 安全漏洞

Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract suffers from a security...

8.1CVSS6.4AI score0.00339EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.3 views

Netiket ApplyLogic 安全漏洞

Netiket ApplyLogic is a platform for automating processes from Netiket Turkey. A security vulnerability exists in Netiket ApplyLogic versions 01.12.2025 and earlier, which stems from a user-controllable key leading to an authorization bypass that could exploit trusted identifiers...

7.6CVSS6.7AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.6 views

WordPress plugin Return Refund and Exchange For WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.4CVSS6.8AI score0.00152EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989565)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989565 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cccipherexit kfreesensitivectxp-user.key will free the...

7.8CVSS5.7AI score0.00252EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/03 11:51 a.m.4 views

CVE-2025-0987 IDOR in CB Project's CVLand

Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection. This issue affects CVLand: from 2.1.0 through 20251103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

9.9CVSS5.4AI score0.0028EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/03 11:51 a.m.13 views

CVE-2025-0987 IDOR in CB Project's CVLand

Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection. This issue affects CVLand: from 2.1.0 through 20251103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

9.9CVSS0.0028EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/31 12:30 a.m.6 views

EUVD-2023-60054

Anheng Mingyu Operation and Maintenance Audit and Risk Control System up to 2023-08-10 contains a server-side request forgery SSRF vulnerability in the xmlrpc.sock handler. The product accepts specially crafted XML-RPC requests that can be used to instruct the server to connect to internal unix...

9.3CVSS5.4AI score0.0037EPSS
Exploits0References4
Rows per page
Query Builder