Lucene search
K

4505 matches found

RedhatCVE
RedhatCVE
added 2025/10/12 9:23 a.m.10 views

CVE-2025-11518

The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via several wishlist AJAX functions due to missing validation on a user controlled key that is exposed when wishlists are shared. This makes it...

5.3CVSS5.9AI score0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/12 12:0 a.m.4 views

HCL Unica Centralized Offer Management 安全漏洞

HCL Unica Centralized Offer Management is a module of HCL India responsible for the unified management and distribution of offers. A security vulnerability exists in HCL Unica Centralized Offer Management that originates from an insecure direct object reference that could lead to unauthorized...

7.5CVSS6.6AI score0.00204EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/12 12:0 a.m.5 views

PT-2025-41703

Name of the Vulnerable Software and Affected Versions HCL Unica Centralized Offer Management affected versions not specified Description The software is susceptible to Insecure Direct Object References IDOR. This allows an attacker to bypass authorization controls and directly access resources...

4.2CVSS6.4AI score0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/11 9:30 a.m.5 views

EUVD-2025-33823

The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via several wishlist AJAX functions due to missing validation on a user controlled key that is exposed when wishlists are shared. This makes it...

5.3CVSS5.4AI score0.00213EPSS
Exploits0References3
NVD
NVD
added 2025/10/11 9:15 a.m.3 views

CVE-2025-11518

The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via several wishlist AJAX functions due to missing validation on a user controlled key that is exposed when wishlists are shared. This makes it...

5.3CVSS0.00213EPSS
Exploits0References2
CVE
CVE
added 2025/10/11 8:29 a.m.24 views

CVE-2025-11518

The CVE-2025-11518 issue affects the WPC Smart Wishlist for WooCommerce plugin for WordPress (versions ≤ 5.0.3). It is caused by an Insecure Direct Object Reference due to missing validation on a user-controlled key exposed when wishlists are shared, enabling unauthenticated attackers to manipula...

5.3CVSS5.5AI score0.00213EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/11 8:29 a.m.8 views

CVE-2025-11518 WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation

The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via several wishlist AJAX functions due to missing validation on a user controlled key that is exposed when wishlists are shared. This makes it...

5.3CVSS0.00213EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/11 8:29 a.m.4 views

CVE-2025-11518 WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation

The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via several wishlist AJAX functions due to missing validation on a user controlled key that is exposed when wishlists are shared. This makes it...

5.3CVSS5.5AI score0.00213EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/11 12:0 a.m.3 views

WordPress plugin WPC Smart Wishlist for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.7AI score0.00213EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/11 12:0 a.m.7 views

PT-2025-41649

Name of the Vulnerable Software and Affected Versions WPC Smart Wishlist for WooCommerce plugin for WordPress versions up to and including 5.0.3 Description The software is susceptible to an Insecure Direct Object Reference issue in several wishlist AJAX functions. This is due to a lack of...

5.3CVSS6.5AI score0.00213EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/10/10 1:56 p.m.2 views

CVE-2025-8887 IDOR in Usta Information Systems' Aybs Interaktif

Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation. This issue affects Aybs...

6.1CVSS5.4AI score0.00134EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 3:30 p.m.4 views

EUVD-2025-32714

Insecure Direct Object Reference IDOR in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure BBMRI-ERIC. This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...

5.3CVSS6.3AI score0.0024EPSS
Exploits0References2
CVE
CVE
added 2025/10/07 12:21 p.m.15 views

CVE-2025-40676

CVE-2025-40676 affects Negotiator v3.15.2 from BBMRI-ERIC. The vulnerability is an insecure direct object reference (IDOR) in the userID parameter of the /api/v3/users/ endpoint, enabling an attacker to access or modify unauthorised resources and potentially expose or alter sensitive data. The CV...

5.3CVSS6.4AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/07 12:21 p.m.5 views

CVE-2025-40676 Múltiples vulnerabilidades en Negotiator de BBMRI-ERIC

Insecure Direct Object Reference IDOR in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure BBMRI-ERIC. This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...

5.3CVSS0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/07 12:21 p.m.2 views

CVE-2025-40676 Múltiples vulnerabilidades en Negotiator de BBMRI-ERIC

Insecure Direct Object Reference IDOR in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure BBMRI-ERIC. This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...

5.3CVSS6.4AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-3383

Malware in sbrugna...

4.3CVSS4.8AI score0.01275EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-11271

Malware in sbrugna...

4.3CVSS5AI score0.00839EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-23004

Malware in sbrugna...

7.5CVSS7.5AI score0.02991EPSS
Exploits2References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2002-1538

Malware in sbrugna...

5CVSS6.4AI score0.01388EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-0869

Malware in sbrugna...

4CVSS6.4AI score0.00842EPSS
Exploits1References3
Rows per page
Query Builder