Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

NVD
NVDadded 2026/02/26 8:31 p.m.4 views

CVE-2026-26973

Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR Insecure Direct Object Reference in ReviewableNotesController. When enablecategorygroupmoderation is enabled, a user belonging to a category moderation group can create or delete thei...

4.3CVSS0.00054EPSS
Exploits0References1
CVE
CVEadded 2026/02/18 4:35 a.m.7 views

CVE-2025-12071

CVE-2025-12071 — WordPress Frontend User Notes plugin vulnerable to Insecure Direct Object Reference. The flaw affects versions up to 2.1.0 and stems from missing validation on a user-controlled key in the funp_ajax_modify_notes endpoint, enabling authenticated attackers with Subscriber-level acc...

4.3CVSS5.7AI score0.00039EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/11/07 5:29 a.m.2 views

CVE-2025-12527 Page & Post Notes <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update/Deletion

The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydevnotessavedashboarddata' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS4.6AI score0.00045EPSS
Exploits0References4
CNNVD
CNNVDadded 2025/11/07 12:0 a.m.2 views

WordPress plugin Page & Post Notes 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS6.1AI score0.00045EPSS
Exploits0References5
CNNVD
CNNVDadded 2024/12/18 12:0 a.m.2 views

PHPGurukul Online Notes Sharing Management System 安全漏洞

PHPGurukul Online Notes Sharing Management System is an online notes sharing management system from PHPGurukul Inc. A security vulnerability exists in PHPGurukul Online Notes Sharing Management System v1.0, which stems from a lack of authorization checking and an IDOR vulnerability that allows...

4.3CVSS6.7AI score0.00082EPSS
Exploits1References1
Veracode
Veracodeadded 2018/11/30 5:11 a.m.12 views

Direct Object Reference

ShowDoc is vulnerable to direct object reference. A remote attacker is able to navigate and retrieve or modify notes belonging to other users by modifying the pageid...

4.3CVSS5.1AI score0.00132EPSS
Exploits1References3Affected Software1
CNVD
CNVDadded 2018/11/28 12:0 a.m.1 views

ShowDoc Annotation Editing Vulnerability

ShowDoc is an online document sharing tool. A security vulnerability exists in ShowDoc version 2.4.1. A remote attacker can exploit the vulnerability to modify a user's notes with a modified 'pageid' parameter...

4.3CVSS4.8AI score0.00132EPSS
Exploits1References1
Rows per page
Query Builder