34370 matches found

Patchstack, added 2026/03/23 12:14 p.m., 9 views

WordPress LatePoint plugin <= 5.2.6 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by daroo in WordPress Plugin LatePoint versions <= 5.2.6...

CVSS 6.5, AI score 5.8, EPSS 0.0017
Exploits 0, Affected Software 1
Patchstack, added 2026/03/23 12:13 p.m., 5 views

WordPress JS Help Desk plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Bonds in WordPress Plugin JS Help Desk versions <= 3.0.3...

CVSS 6.5, AI score 5.8, EPSS 0.00155
Exploits 0, Affected Software 1
CNNVD, added 2026/03/23 12:00 a.m., 12 views

New API security vulnerability

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.11.4-alpha.2 contained a security vulnerability. This vulnerability stemmed from insecure direct object references in the video proxy endpoints, which could allow access to other users’ video content...

CVSS 6.5, AI score 6.4, EPSS 0.00274
Exploits 1, References 2
Positive Technologies, added 2026/03/23 12:00 a.m., 7 views

PT-2026-27176

Name of the Vulnerable Software and Affected Versions: cbor2 versions prior to 5.9.0. Description: The cbor2 library is susceptible to a Denial of Service (DoS) attack due to uncontrolled recursion when decoding deeply nested CBOR structures. This affects both the pure Python implementation and the C...

CVSS 7.5, AI score 7.2, EPSS 0.00417
Exploits 1, References 24
CNNVD, added 2026/03/23 12:00 a.m., 9 views

Blinko security vulnerability

Blinko is an open-source AI-based card-based note-taking app designed for users who want to quickly capture and organize fleeting ideas. Versions of Blinko prior to 1.8.4 contained a security vulnerability. This vulnerability stemmed from an insecure direct object reference in the user.detail...

CVSS 6.5, AI score 5.8, EPSS 0.0022
Exploits 0, References 3
Positive Technologies, added 2026/03/23 12:00 a.m., 5 views

PT-2026-27215

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an IDOR vulnerability where the user.detail endpoint leaks the superadmin token. This issue has been patched in version 1.8.4...

CVSS 6, AI score 5.7, EPSS 0.0022
Exploits 0, References 4
Positive Technologies, added 2026/03/23 12:00 a.m., 5 views

PT-2026-27135

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can caus...

CVSS 6.1, AI score 5.7, EPSS 0.00168
Exploits 0, References 4
Tenable Nessus, added 2026/03/23 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-4647

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when...

CVSS 6.1, AI score 5.3, EPSS 0.00168
Exploits 0, References 4
Snyk, added 2026/03/23 12:00 a.m., 151 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the processing of XCOFF object files due to improper validation of relocation type values. An attacker can cause application crashes or access unintended memory contents by supplying a specially crafted XCOFF file ...

CVSS 6.9, AI score 5.9, EPSS 0.00168
Exploits 0, References 2
EUVD, added 2026/03/21 6:30 a.m., 7 views

EUVD-2026-14186

The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...

CVSS 5.3, AI score 5.9, EPSS 0.00324
Exploits 0, References 8
NVD, added 2026/03/21 4:17 a.m., 5 views

CVE-2026-3460

The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...

CVSS 5.3, EPSS 0.00324
Exploits 0, References 7
CVE, added 2026/03/21 3:26 a.m., 10 views

CVE-2026-3460

CVE-2026-3460 concerns the REST API TO MiniProgram plugin for WordPress. The vulnerability allows an authenticated user with Subscriber-level access or higher to modify arbitrary users’ store-related metadata (storeinfo, storeappid, storename) via an attacker-controlled userid parameter in the RE...

CVSS 5.3, AI score 5.9, EPSS 0.00324
Exploits 0, References 7
ATTACKERKB, added 2026/03/21 3:26 a.m., 3 views

CVE-2026-3460

The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...

CVSS 5.3, AI score 5.9, EPSS 0.00324
Exploits 0, References 8
Cvelist, added 2026/03/21 3:26 a.m., 27 views

CVE-2026-3460 REST API TO MiniProgram <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter

The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...

CVSS 5.3, EPSS 0.00324
Exploits 0, References 7
Vulnrichment, added 2026/03/21 3:26 a.m., 8 views

CVE-2026-3460 REST API TO MiniProgram <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter

The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...

CVSS 5.3, AI score 5.9, EPSS 0.00324
Exploits 0, References 7
CNNVD, added 2026/03/21 12:00 a.m., 6 views

WordPress plugin REST API TO MiniProgram input validation error vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 5.3, AI score 5.8, EPSS 0.00324
Exploits 0, References 7
Positive Technologies, added 2026/03/21 12:00 a.m., 3 views

PT-2026-26855

The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback update user wechatshop info permissions check only validating that the supplied 'openid' parameter corresponds to ...

CVSS 5.3, AI score 5.9, EPSS 0.00324
Exploits 0, References 8
OSV, added 2026/03/20 11:16 p.m., 3 views

DEBIAN-CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

CVSS 9.8, AI score 5.8, EPSS 0.00704
Exploits 1, References 1
Vulnrichment, added 2026/03/20 10:32 p.m., 3 views

CVE-2026-33203 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...

CVSS 7.5, AI score 5.9, EPSS 0.00497
Exploits 1, References 1
Patchstack, added 2026/03/20 8:53 p.m., 6 views

WordPress Pelicula theme < 1.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Pelicula versions < 1.10...

CVSS 9.8, AI score 5.8, EPSS 0.00375
Exploits 0, Affected Software 1