CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-2496

Malware in sbrugna...

4CVSS3.8AI score0.00228EPSS

Exploits1References2

RedhatCVE•added 2025/05/23 10:24 a.m.•4 views

CVE-2024-38447

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report that belongs to an arbitrary user...

8.1CVSS7AI score0.00266EPSS

Exploits1References1

OSV•added 2019/03/24 10:29 p.m.•1 views

CVE-2019-10014

In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated...

6.5CVSS6.8AI score

Exploits0References1

OSV•added 2018/09/12 8:29 p.m.•3 views

CVE-2018-16970

Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to download non-purchased course files via a modified id parameter...

4.3CVSS5.8AI score0.00199EPSS

Exploits2References1

Prion•added 2018/03/05 7:29 a.m.•15 views

Code injection

TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php...

5CVSS7.5AI score0.00315EPSS

Exploits1References1Affected Software1

NVD•added 2016/11/11 10:59 p.m.•19 views

CVE-2016-9285

framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue...

5.3CVSS5.1AI score0.00213EPSS

Exploits0References3

NVD•added 2013/09/08 4:55 p.m.•9 views

CVE-2013-3596

AdvancePro Advanceware allows remote authenticated users to obtain sensitive information about arbitrary customers' orders via a modified id parameter...

4CVSS5.9AI score0.00248EPSS

Exploits0References2

Cvelist•added 2013/09/08 4:0 p.m.•11 views

CVE-2013-3596

AdvancePro Advanceware allows remote authenticated users to obtain sensitive information about arbitrary customers' orders via a modified id parameter...

5.9AI score0.00248EPSS

Exploits0References2

NVD•added 2012/08/22 10:42 a.m.•18 views

CVE-2012-4594

McAfee ePolicy Orchestrator ePO 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL...

4CVSS6AI score0.00156EPSS

Exploits0References2

NVD•added 2009/09/08 10:30 a.m.•7 views

CVE-2008-7180

delquery1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable...

5CVSS6.7AI score0.02823EPSS

Exploits0References2

Cvelist•added 2009/09/08 10:0 a.m.•13 views

CVE-2008-7180

delquery1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable...

6.7AI score0.02823EPSS

Exploits0References2

Prion•added 2008/04/22 4:41 a.m.•8 views

Design/Logic Flaw

optionUpdate.asp in Carbon Communities 2.4 and earlier allows remote attackers to edit arbitrary member information via a modified ID field...

7.5CVSS7.1AI score0.00502EPSS

Exploits0References2Affected Software1

Prion•added 2007/07/06 6:30 p.m.•11 views

Code injection

PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields...

6.5CVSS6.9AI score0.00747EPSS

Exploits0References5

NVD•added 2007/07/06 6:30 p.m.•12 views

CVE-2007-3592

PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields...

6.5CVSS6.4AI score0.00747EPSS

Exploits0References5

Cvelist•added 2007/07/06 6:0 p.m.•13 views

CVE-2007-3592

PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields...

6.4AI score0.00747EPSS

Exploits0References5

NVD•added 2007/02/12 5:28 p.m.•9 views

CVE-2006-6999

attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter...

4.3CVSS6.5AI score0.00409EPSS

Exploits1References1

Cvelist•added 2007/02/12 5:0 p.m.•12 views

CVE-2006-6999

attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter...

6.5AI score0.00409EPSS

Exploits1References1

Cvelist•added 2005/12/01 11:0 a.m.•15 views

CVE-2005-3961

exporthandler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter...

6.3AI score0.01466EPSS

Exploits0References11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by