
46 matches found

EUVD
added 3 days ago, 6 views

EUVD-2026-33836

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...

CVSS 6.5, AI score 5.8, EPSS 0.00026
Exploits: 0, References: 1
OSV
added 2026/03/26 6:8 p.m., 3 views

GHSA-G39V-QRJ6-JXRH AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions

Summary: The AI plugin's save.json.php endpoint loads AI response objects using an attacker-controlled $_REQUEST['id'] parameter without validating that the AI response belongs to the specified video. An authenticated user with AI permissions can reference any AI response ID — including those generat...

CVSS 4.3, AI score 5.9, EPSS 0.00032
Exploits: 1, References: 4
OSV
added 2026/03/20 6:53 a.m., 1 view

CVE-2026-33053 Langflow has Missing Ownership Verification in API Key Deletion (IDOR)

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_current_active_user dependency). However, the delete_api_key CRUD...

CVSS 6.1, AI score 5.9, EPSS 0.00057
Exploits: 0, References: 3
OSV
added 2026/02/05 9:19 p.m., 2 views

GHSA-87FH-RC96-6FR6 Unauthenticated Spree Commerce users can access all guest addresses

Summary: A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses to their order by manipulating address ID parameters. This enables unauthorized access to other guests' personally identifiable information (PII) includi...

CVSS 8.7, AI score 5.9, EPSS 0.00034
Exploits: 1, References: 13
CNNVD
added 2026/01/23 12:0 a.m., 2 views

WordPress plugin “Add Expires Headers & Optimized Minify” has security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

CVSS 5.3, AI score 5.8, EPSS 0.00077
Exploits: 0, References: 1
CVE
added 2025/11/19 6:45 a.m., 6 views

CVE-2025-13085

CVE-2025-13085 affects SiteSEO – SEO Simplified for WordPress (versions

CVSS 4.3, AI score 4.8, EPSS 0.00044
Exploits: 0, References: 5
Vulnrichment
added 2025/11/19 6:45 a.m., 3 views

CVE-2025-13085 SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object-level authorization checks in the resolve_variables AJAX handler. This makes it possible for...

CVSS 4.3, AI score 4.8, EPSS 0.00044
Exploits: 0, References: 5
RedhatCVE
added 2025/10/28 2:38 a.m., 1 view

CVE-2025-62908

Missing Authorization vulnerability in gerritvanaaken Podlove Web Player (podlove-web-player) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Podlove Web Player: from n/a through <= 5.9.1...

CVSS 9.8, AI score 7, EPSS 0.00054
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-5527

Malware in sbrugna...

CVSS 4.3, AI score 4.6, EPSS 0.00055
Exploits: 0, References: 3
OSV
added 2025/02/11 6:15 p.m., 0 views

CVE-2025-24407

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low privileged attacker could exploit this vulnerability to perform actions with permissions that we...

CVSS 7.1, AI score 5.8
Exploits: 0, References: 1
CNNVD
added 2024/12/09 12:0 a.m., 1 view

WordPress plugin JS Job Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5, AI score 8.7, EPSS 0.00171
Exploits: 0, References: 1
CVE
added 2024/10/21 12:0 a.m., 42 views

CVE-2024-48645

CVE-2024-48645 affects the Minecraft mod Command Block IDE (versions up to and including 0.4.9). The root cause is missing authorization (CWE-862) that lets any user on a dedicated server modify the mod’s game function files. Multiple connected records corroborate the basic vulnerability details ...

CVSS 7.5, AI score 6.9, EPSS 0.0015
Exploits: 0, References: 3
CNNVD
added 2024/07/09 12:0 a.m., 2 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /settings/settingName interface. A low-privileged attacker can exploit this vulnerability to obtain, modify, o...

CVSS 9.9, AI score 6.8, EPSS 0.00223
Exploits: 0, References: 2
CNNVD
added 2024/07/09 12:0 a.m., 1 view

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /customers/customerId interface. A low-privilege attacker can exploit this vulnerability to obtain, modify, or...

CVSS 9.9, AI score 6.8, EPSS 0.00223
Exploits: 0, References: 2
CNNVD
added 2024/07/09 12:0 a.m., 2 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /services/serviceId interface. A low-privileged attacker can exploit this vulnerability to gain access to,...

CVSS 9.6, AI score 7, EPSS 0.00173
Exploits: 0, References: 2
CNNVD
added 2024/07/09 12:0 a.m., 1 view

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /categories/categoryId interface. A low-privileged attacker can exploit this vulnerability to obtain, modify, or...

CVSS 8.5, AI score 6.8, EPSS 0.00091
Exploits: 0, References: 2
CNNVD
added 2024/07/09 12:0 a.m., 2 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /webhooks/webhookId interface. A low-privileged attacker can exploit this vulnerability to obtain, modify, or...

CVSS 9.1, AI score 6.8, EPSS 0.00154
Exploits: 0, References: 2
CNNVD
added 2024/07/09 12:0 a.m., 3 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /providers interface. A low-privileged attacker can exploit the vulnerability to create privileged users provide...

CVSS 8.8, AI score 6.8, EPSS 0.00216
Exploits: 0, References: 2
CNNVD
added 2024/07/09 12:0 a.m., 2 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /services interface. A low-privileged attacker can exploit the vulnerability to create services for any user on...

CVSS 7.7, AI score 6.8, EPSS 0.00154
Exploits: 0, References: 2
CNNVD
added 2024/07/09 12:0 a.m., 1 view

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /admins/adminId interface. A low-privilege attacker can exploit this vulnerability to gain, modify, or delete ...

CVSS 9.9, AI score 6.8, EPSS 0.00223
Exploits: 0, References: 2