Lucene search
K

7 matches found

NVD
NVD
added 6 hours ago6 views

CVE-2026-12433

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS
Exploits0References10
Cvelist
Cvelist
added 8 hours ago7 views

CVE-2026-12433 Hydra Booking <= 1.2.1 - Authenticated (Custom+) Insecure Direct Object Reference to Sensitive Information Exposure via 'booking_id' Parameter

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS
Exploits0References10
CVE
CVE
added 8 hours ago7 views

CVE-2026-12433

The CVE describes a vulnerability in the Hydra Booking WordPress plugin (versions up to 1.2.1) where an Insecure Direct Object Reference in the /wp-json/hydra-booking/v1/booking/details/{id} endpoint allows authenticated hosts with the tfhb_manage_options capability to view booking records from o...

4.3CVSS5.9AI score
Exploits0References10
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-42550

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score
Exploits0References10
OpenVAS
OpenVAS
added 2024/09/17 12:0 a.m.10 views

MongoDB Server Library Local Privilege Escalation Vulnerability (SERVER-69507) - Linux

MongoDB is prone to a local privilege escalation vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb";...

6.7CVSS8.4AI score0.00203EPSS
Exploits0References1
OSV
OSV
added 2023/06/06 2:0 a.m.28 views

GHSA-P976-H52C-26P6 Rancher vulnerable to Privilege Escalation via manipulation of Secrets

Impact A vulnerability has been identified which enables Standard users or above to elevate their permissions to Administrator in the local cluster. The local cluster means the cluster where Rancher is installed. It is named local inside the list of clusters in the Rancher UI. Standard users coul...

9.9CVSS8.7AI score0.00715EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/02/24 12:0 a.m.8 views

Cisco Application Services Engine 访问控制错误漏洞

Cisco Application Services Engine provides a common platform for deploying Cisco data center applications. An unauthorized access vulnerability exists in Cisco Application Services Engine 1.13d and earlier versions, which can be exploited by a remote, unauthenticated attacker to elevate access to...

9.8CVSS6.8AI score0.01006EPSS
Exploits0References4
Rows per page
Query Builder