CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Hacker One•added 2024/04/19 3:48 p.m.•8 views

U.S. Dept Of Defense: [███] .NET Framework ObjRefs Disclosure (CVE-2024-29059)

A vulnerability was discovered in Microsoft .NET Framework that could allow a remote attacker to obtain sensitive information. The vulnerability was caused by the potential disclosure of ObjRef URIs, which could be used to perform .NET Remoting attacks via HTTP. The vulnerability was assigned the...

7.5CVSS6.9AI score0.98832EPSS

Exploits1

NVD•added 2024/04/19 2:15 p.m.•20 views

CVE-2024-32166

Webid v1.2.1 suffers from an Insecure Direct Object Reference IDOR - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended horizontal privilege escalation...

8.8CVSS6.6AI score0.00738EPSS

OSV•added 2024/04/19 2:15 p.m.•2 views

CVE-2024-32166

Webid v1.2.1 suffers from an Insecure Direct Object Reference IDOR - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended horizontal privilege escalation...

8.8CVSS5.8AI score0.00738EPSS

CNNVD•added 2024/04/19 12:0 a.m.•3 views

WeBid 安全漏洞

WeBid is an open source auction website building solution. A security vulnerability exists in WeBid v1.2.1, which stems from the presence of an insecure direct object reference and access control corruption vulnerability...

8.8CVSS6.9AI score0.00738EPSS

Exploits1References2

Vulnrichment•added 2024/04/19 12:0 a.m.•12 views

CVE-2024-32166

Webid v1.2.1 suffers from an Insecure Direct Object Reference IDOR - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended horizontal privilege escalation...

7AI score0.00738EPSS

CVE•added 2024/04/19 12:0 a.m.•48 views

CVE-2024-32166

The CVE-2024-32166 issue affects Webid v1.2.1 and is an Insecure Direct Object Reference (IDOR) leading to Broken Access Control. This allows horizontal privilege escalation—attackers can prematurely complete a purchase on a suspended auction. Root cause and exact vulnerable component are describ...

8.8CVSS6.9AI score0.00738EPSS

Exploits1References1Affected Software1

Cvelist•added 2024/04/19 12:0 a.m.•24 views

CVE-2024-32166

Webid v1.2.1 suffers from an Insecure Direct Object Reference IDOR - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended horizontal privilege escalation...

6.8AI score0.00738EPSS

Positive Technologies•added 2024/04/19 12:0 a.m.•4 views

PT-2024-24453 · Webid · Webid

Name of the Vulnerable Software and Affected Versions: Webid version 1.2.1 Description: The issue allows attackers to exploit an Insecure Direct Object Reference IDOR vulnerability, which is a type of Broken Access Control vulnerability. This enables horizontal privilege escalation, permitting...

8.8CVSS7AI score0.00738EPSS

Exploits1References4

CNNVD•added 2024/04/19 12:0 a.m.•3 views

WordPress Plugin Wp Ultimate Review 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS6.8AI score0.00464EPSS

NVD•added 2024/04/18 11:15 a.m.•13 views

CVE-2023-6897

The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS4.3AI score0.00375EPSS

OSV•added 2024/04/18 11:15 a.m.•2 views

CVE-2023-6897

4.3CVSS5.8AI score0.00375EPSS

CVE•added 2024/04/18 11:5 a.m.•71 views

CVE-2023-6897

CVE-2023-6897 affects the EAN, UPC, ISBN Generator: Product Barcode Inventory for WooCommerce plugin (EAN for WooCommerce) for WordPress. The Red Hat entry confirms an Insecure Direct Object Reference in all versions up to 4.9.2 via the shortcode alg_wc_ean_product_meta, caused by missing validat...

4.3CVSS6.2AI score0.00375EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/04/18 11:5 a.m.•19 views

CVE-2023-6897 EAN for WooCommerce <= 4.9.2 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode

4.3CVSS4.6AI score0.00375EPSS

Vulnrichment•added 2024/04/18 11:5 a.m.•12 views

CVE-2023-6897 EAN for WooCommerce <= 4.9.2 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode

4.3CVSS5.9AI score0.00375EPSS

Packet Storm•added 2024/04/18 12:0 a.m.•281 views

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 0.01 Revision 0 Summary: The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed by a...

7.4AI score

Packet Storm•added 2024/04/18 12:0 a.m.•301 views

Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference

Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver. 4.00...

7.4AI score

Packet Storm•added 2024/04/18 12:0 a.m.•295 views

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.999 Revision 1243 1.317 Revision 602 1.220 Revision 1250 1.220 Revision 12481249 1.220 Revision 597 1.217 Revision 1242 1.214 Revision 1023 1.193 Revisi...

7.4AI score