Lucene search
K

956 matches found

Patchstack
Patchstack
added 2026/06/10 9:40 a.m.6 views

WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin VikRentCar versions = 1.4.5...

7.5CVSS5.3AI score0.0023EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

WordPress plugin BuddyPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.5AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.10 views

WordPress plugin BuddyPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.6CVSS5.4AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-6355

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...

6.5CVSS5.5AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.9 views

CVE-2025-14481

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

4.3CVSS5.4AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

7.5CVSS5.5AI score0.00293EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/05 10:28 a.m.9 views

WordPress Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin <= 1.8.11.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Attachment Deletion vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Attachment Deletion vulnerability discovered by Khanh Nguyen - BlueRock in WordPress Plugin Charitable versions = 1.8.11.1...

4.3CVSS5.5AI score0.00285EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

Linqi 安全漏洞

Linqi is an English speaking practice platform developed by the German company Linqi. The platform combines human language interaction with AI feedback. Linqi has a security vulnerability, which stems from the lack of authorized checks. As a result, any authenticated user can read and write...

7.1CVSS5.3AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.13 views

ITPison OMICARD EDM 安全漏洞

ITPison OMICARD EDM is a high-speed electronic newspaper EDM marketing distribution system developed by the Chinese company ITPison. ITPison OMICARD EDM has a security vulnerability that stems from insecure direct object references. This vulnerability could allow unauthorized remote attackers to...

6.9CVSS5.4AI score0.00244EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

LibreChat 安全漏洞

LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within a single interface. LibreChat versions 0.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from...

7.1CVSS5.4AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Kiteworks 安全漏洞

Kiteworks is a secure private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow authenticated users to...

4.3CVSS5.4AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Kiteworks 安全漏洞

Kiteworks is a secure private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow authenticated users to...

6.5CVSS5.3AI score0.00174EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Kiteworks 安全漏洞

Kiteworks is a secure private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow authenticated users to...

5.4CVSS5.4AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Kiteworks 安全漏洞

Kiteworks is a secure private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow authenticated users to...

4.3CVSS5.4AI score0.00142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/30 2:12 a.m.13 views

CVE-2026-44794

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 5:1 p.m.21 views

CVE-2026-44794

Summary of CVE-2026-44794 Nautobot’s REST API, prior to versions 2.4.33 and 3.1.2, failed to enforce user permissions when validating inter-object references made via GenericForeignKey during create/update of objects containing such references. This could allow a user to reference an object they ...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

WordPress plugin Meta Field Block 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.10 views

CVE-2026-42725 WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Files Upload for WooCommerce: from n/a through =...

6.5CVSS5.8AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 5:16 a.m.14 views

CVE-2025-14481

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

4.3CVSS0.00288EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/05/27 2:2 a.m.9 views

WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin BP Better Messages versions = 2.14.16...

7.5CVSS5.8AI score0.00246EPSS
Exploits0Affected Software1
Rows per page
Query Builder