Lucene search
K

7 matches found

EUVD
EUVD
added 2026/05/14 12:26 p.m.12 views

EUVD-2026-30269

Unsafe object reference IDOR in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 12:26 p.m.6 views

CVE-2026-5798

Unsafe object reference IDOR in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-14352

Malware in sbrugna...

4.3CVSS4.8AI score0.00582EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/17 9:3 p.m.9 views

CVE-2024-12812

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an IDOR issue where employees can manipulate parameters to access the data of terminated employees...

7.5CVSS7.4AI score0.00444EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:6 p.m.40 views

CVE-2024-12812

CVE-2024-12812 affects the WP ERP plugin for WordPress (WooCommerce CRM & Accounting), specifically versions prior to 1.13.4. The issue is an IDOR that lets authenticated users manipulate parameters to access data of terminated employees. The root cause is improper access control around parameter...

7.5CVSS7.4AI score0.00444EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.4 views

PT-2025-21446 · WordPress · Wp Erp

Name of the Vulnerable Software and Affected Versions: The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin versions prior to 1.13.4 Description: The issue allows employees to manipulate parameters and access the data of terminated...

7.5CVSS7.5AI score0.00444EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/08/09 12:0 a.m.5 views

Larvata Flygo 安全漏洞

Larvata Flygo is an attendance clocking software from Larvata Taiwan. Larvata Flygo contains Insecure Direct Object Reference has a security vulnerability that allows a remote attacker, after authenticating as an ordinary user, to arbitrarily access employee data by manipulating the employee ID i...

8.8CVSS8.3AI score0.01064EPSS
Exploits0References2
Rows per page
Query Builder