Lucene search
K

34314 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 p.m.4 views

CVE-2026-32120

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the fee sheet product save logic library/FeeSheet.class.php allows any authenticated user with fee sheet ACL...

6.5CVSS6AI score0.00254EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/25 10:27 p.m.4 views

EUVD-2026-16010

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the fee sheet product save logic library/FeeSheet.class.php allows any authenticated user with fee sheet ACL...

6.5CVSS6AI score0.00254EPSS
Exploits1References3
OSV
OSV
added 2026/03/25 10:27 p.m.3 views

CVE-2026-32120 OpenEMR has IDOR in Fee Sheet Product Save

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the fee sheet product save logic library/FeeSheet.class.php allows any authenticated user with fee sheet ACL...

6.5CVSS6.1AI score0.00254EPSS
Exploits1References5
OSV
OSV
added 2026/03/25 9:55 p.m.6 views

GHSA-R64R-883R-WCWH AVideo: Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment

Summary The CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured the default state, the key validation check is completely bypassed, allowin...

8.6CVSS6AI score0.00356EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/25 9:30 p.m.6 views

EUVD-2026-15976

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation...

6.5CVSS5.8AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 9:30 p.m.5 views

EUVD-2025-209022

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...

5.7CVSS5.8AI score0.00327EPSS
Exploits0References2
OSV
OSV
added 2026/03/25 9:17 p.m.2 views

GHSA-JFMM-MJCP-8WQ2 Vikjuna: IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion

Summary TaskAttachment.ReadOne queries attachments by ID only WHERE id = ?, ignoring the task ID from the URL path. The permission check in CanRead validates access to the task specified in the URL, but ReadOne loads a different attachment that may belong to a task in another project. This allows...

8.1CVSS5.9AI score0.00265EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/25 9:13 p.m.2 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the POSIXREGEXSOURCE object. An attacker can cause unintended files to be matched by injecting specially crafted POSIX bracket expressions that reference inherited method names, leading to incorrect glob matching...

6.9CVSS6.5AI score0.0041EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/25 8:40 p.m.5 views

CVE-2026-1014

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation...

6.5CVSS5.8AI score0.00214EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/25 8:20 p.m.21 views

CVE-2025-14974 IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...

5.7CVSS0.00327EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 8:20 p.m.3 views

CVE-2025-14974 IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...

5.7CVSS5.9AI score0.00327EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 8:20 p.m.11 views

CVE-2025-14974

CVE-2025-14974 affects IBM InfoSphere Information Server 11.7.0.0–11.7.1.6 and is caused by insecure direct object reference (IDOR). Potential impact: unauthorized access to protected objects with high confidentiality impact as per sources. Affected versions and remediation are documented in IBM’...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 8:20 p.m.9 views

CVE-2025-14974

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...

5.7CVSS5.8AI score0.00327EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/25 8:5 p.m.3 views

GHSA-87MJ-5GGW-8QC3 pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. Patches This has been fixed in pypdf==6.9.2. Workarounds If users cannot upgrade yet, consider applying the changes from PR 3693...

8.2CVSS5.7AI score0.00455EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/25 8:5 p.m.3 views

Infinite loop

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop in the readfromstream function of DictionaryObject. An attacker can cause the application to enter an infinite loop ...

8.2CVSS5.8AI score0.00455EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.6 views

EUVD-2026-15860

Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through 1.7...

5.8AI score0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.8 views

EUVD-2026-15864

Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through 1.3...

5.8AI score0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.6 views

EUVD-2026-15868

Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through 1.10...

5.8AI score0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15870

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through = 6.1.7...

8.8CVSS5.8AI score0.00279EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.11 views

EUVD-2026-15862

Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection.This issue affects Halstein: from n/a through 1.8...

5.8AI score0.00167EPSS
Exploits0References2
Rows per page
Query Builder