
7 matches found

Cvelist
added 2026/05/19 4:43 a.m., 41 views

CVE-2026-32994

The /api/v1/autotranslate.translateMessage endpoint in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allows any authenticated user to retrieve the full content of any message from any room (private groups, direct messages, channels) by simply providing the target message ID...

CVSS 5.3 | EPSS 0.00252
Exploits 0 | References 1
ATTACKERKB
added 2026/04/14 9:25 p.m., 3 views

CVE-2026-34370

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating t...

CVSS 6.5 | AI score 5.8 | EPSS 0.00227
Exploits 0 | References 3 | Affected Software 1
OSV
added 2026/02/26 10:38 p.m., 8 views

CVE-2026-28217 IDOR in GraphQL userCollection Query Exposes Other Users' Private Collections

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the userCollection GraphQL query accepts an arbitrary collection ID and returns the full collection data — including title, type, and the serialized data field containing HTTP requests with headers and potentially...

CVSS 6.5 | AI score 6 | EPSS 0.00369
Exploits 1 | References 4
Positive Technologies
added 2026/01/14 12:0 a.m., 12 views

PT-2026-2940

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

CVSS 7.7 | AI score 6.5 | EPSS 0.00306
Exploits 1 | References 2
OSV
added 2024/12/17 9:15 p.m., 3 views

CVE-2024-55058

An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the...

CVSS 4.3 | AI score 5.8 | EPSS 0.00229
Exploits 1 | References 1
OSV
added 2017/07/21 8:29 p.m., 6 views

CVE-2017-1371

Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864...

CVSS 8.8 | AI score 5.9 | EPSS 0.01263
Exploits 0 | References 2
OSV
added 2017/07/21 8:29 p.m., 5 views

CVE-2017-1373

Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866...

CVSS 8.8 | AI score 5.9 | EPSS 0.01972
Exploits 0 | References 3