CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/04/28 11:43 a.m.•3 views

CVE-2026-5780

8.5CVSS5.3AI score0.00201EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/28 11:43 a.m.•2 views

CVE-2026-5780 Multiple vulnerabilities in MphRx's Minerva

8.5CVSS5.3AI score0.00201EPSS

EUVD•added 2026/04/28 11:43 a.m.•3 views

EUVD-2026-26038

8.5CVSS5.3AI score0.00201EPSS

EUVD•added 2026/04/28 11:41 a.m.•8 views

EUVD-2026-26037

An insecure direct object reference IDOR vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an...

Cvelist•added 2026/04/28 11:41 a.m.•25 views

CVE-2026-5779 Multiple vulnerabilities in MphRx's Minerva

9.4CVSS0.00252EPSS

Vulnrichment•added 2026/04/28 11:41 a.m.•5 views

CVE-2026-5779 Multiple vulnerabilities in MphRx's Minerva

ATTACKERKB•added 2026/04/28 11:41 a.m.•5 views

CVE-2026-5779

Exploits0References2Affected Software1

CVE•added 2026/04/28 11:41 a.m.•22 views

CVE-2026-5779

CVE-2026-5779 affects MphRx Minerva 3.6.0, via insecure direct object reference in the /minerva/user/updateUserProfile endpoint. An authenticated user can modify other registered users’ data (e.g., email) and initiate a password reset through /webconnect/#/forgotPassword, potentially leading to f...

Exploits0References1Affected Software1

CNNVD•added 2026/04/28 12:0 a.m.•7 views

MphRx Minerva 访问控制错误漏洞

MphRx Minerva is a medical data integration and interoperability platform developed by MphRx Corporation. Version MphRx Minerva V3.6.0 contains a security vulnerability related to access control. This vulnerability stems from an insecure direct object reference in the /minerva/moUser/show endpoin...

8.5CVSS5.8AI score0.00201EPSS

Positive Technologies•added 2026/04/28 12:0 a.m.•7 views

PT-2026-35715

Name of the Vulnerable Software and Affected Versions Minerva version 3.6.0 Description An insecure direct object reference IDOR issue exists in the '/minerva/moUser/show/' endpoint. An authenticated user can access data of other registered users and obtain a user list by modifying the ID variabl...

8.5CVSS5.8AI score0.00201EPSS

Exploits0References4

CNNVD•added 2026/04/28 12:0 a.m.•6 views

MphRx Minerva 访问控制错误漏洞

9.4CVSS5.8AI score0.00252EPSS

EUVD•added 2026/04/27 11:0 a.m.•6 views

EUVD-2026-25829

Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information...

7.8CVSS5.2AI score0.00181EPSS

NVD•added 2026/04/24 6:16 a.m.•2 views

CVE-2026-6810

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dexbccfadminintcalendarlist.inc.php file due to missing validation on a user controlled key. This makes it possible for authenticated...

5.3CVSS0.0033EPSS

CVE•added 2026/04/24 5:29 a.m.•6 views

CVE-2026-6810

The Booking Calendar Contact Form WordPress plugin (versions

5.3CVSS5.7AI score0.0033EPSS

Cvelist•added 2026/04/24 5:29 a.m.•23 views

CVE-2026-6810 Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover

5.3CVSS0.0033EPSS

Vulnrichment•added 2026/04/24 5:29 a.m.•2 views

CVE-2026-6810 Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover

5.3CVSS5.3AI score0.0033EPSS

EUVD•added 2026/04/24 5:29 a.m.•3 views

EUVD-2026-25401

5.3CVSS5.7AI score0.0033EPSS