
40 matches found

Malwarebytes
added 2026/01/07 12:19 p.m. · 5 views

One million customers on alert as extortion group claims massive Brightspeed data haul

US fiber broadband company Brightspeed is investigating claims by the Crimson Collective extortion group that it stole sensitive data belonging to more than 1 million residential customers, including extensive personally identifiable information (PII), as well as account and billing details...

6.9 AI score
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-30793

Malicious code in bioql PyPI...

6.6 AI score · 0.00334 EPSS
Exploits: 0 · References: 3

RedhatCVE
added 2025/09/24 12:28 a.m. · 11 views

CVE-2025-55886

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists in the fe_uid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization...

6.8 AI score · 0.00334 EPSS
Exploits: 0 · References: 1

NVD
added 2025/09/22 6:15 p.m. · 4 views

CVE-2025-55886

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists in the fe_uid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization...

6.5 CVSS · 0.00334 EPSS
Exploits: 0 · References: 2

CVE
added 2025/09/22 12:0 a.m. · 13 views

CVE-2025-55886

CVE-2025-55886 concerns ARD. Affected component is the payment history API endpoint where the fe_uid parameter is used to fetch a user’s payment history. The underlying issue is an Insecure Direct Object Reference (IDOR) allowing an authenticated attacker to manipulate fe_uid to access other user...

6.5 CVSS · 6.4 AI score · 0.00334 EPSS
Exploits: 0 · References: 2

CNNVD
added 2025/09/22 12:0 a.m. · 5 views

ARD GEC en Ligne security vulnerability

ARD GEC en Ligne is an online service portal of ARD France. A security vulnerability exists in ARD GEC en Ligne that stems from an insecure direct object reference to the fe_uid parameter in the payment history API endpoint, which could lead to unauthorized access to another user's payment history...

6.5 CVSS · 6.7 AI score · 0.00334 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2025/09/22 12:0 a.m. · 3 views

CVE-2025-55886

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists in the fe_uid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization...

6.4 AI score · 0.00334 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/09/22 12:0 a.m. · 10 views

CVE-2025-55886

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists in the fe_uid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization...

0.00334 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/09/22 12:0 a.m. · 5 views

PT-2025-38757

Name of the Vulnerable Software and Affected Versions: ARD (affected versions not specified) Description: An Insecure Direct Object Reference (IDOR) vulnerability exists in ARD. The flaw is located in the fe_uid parameter of the payment history API endpoint. An authenticated attacker can manipulate thi...

6.3 AI score · 0.00334 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/22 10:49 p.m. · 4 views

CVE-2022-2387

The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack...

4.3 CVSS · 6.7 AI score · 0.00286 EPSS
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 10:49 p.m. · 11 views

CVE-2022-30512

School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/paymenthistory.php:31...

9.8 CVSS · 8.1 AI score · 0.09621 EPSS
Exploits: 2 · References: 1

OSV
added 2025/02/15 9:15 a.m. · 5 views

CVE-2025-22209

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature...

4.7 CVSS · 6.1 AI score · 0.00274 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2025/02/15 12:0 a.m. · 5 views

PT-2025-6942 · Joomla · Js Jobs

Name of the Vulnerable Software and Affected Versions: JS Jobs plugin versions 1.1.5 through 1.4.3 for Joomla Description: A SQL injection issue allows authenticated attackers, with administrator privileges, to execute arbitrary SQL commands via the searchpaymentstatus parameter in the Employer...

4.7 CVSS · 8.9 AI score · 0.00274 EPSS
Exploits: 1 · References: 8

OSV
added 2024/05/20 1:15 a.m. · 3 views

CVE-2024-5109

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/studentpaymenthistory.php. The manipulation of the argument index leads to sql injection. The attack...

6.5 CVSS · 6.5 AI score · 0.00407 EPSS
Exploits: 1 · References: 4

CNNVD
added 2024/05/20 12:0 a.m. · 3 views

Complete Web-Based School Management System SQL injection vulnerability

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A SQL injection vulnerability exists in Campcodes Complete Web-Based School Management System version 1.0, which originates from an unknown function in /view/student...

6.5 CVSS · 7 AI score · 0.00407 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2024/05/20 12:0 a.m. · 4 views

PT-2024-34520 · Unknown · Campcodes Complete Web-Based School Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file /view/student payment history.php. The manipulation of the index...

6.5 CVSS · 7.2 AI score · 0.00407 EPSS
Exploits: 1 · References: 7

OSV
added 2022/11/07 10:15 a.m. · 0 views

CVE-2022-2387

The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack...

4.3 CVSS · 5.8 AI score
Exploits: 0 · References: 1

NVD
added 2022/11/07 10:15 a.m. · 13 views

CVE-2022-2387

The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack...

4.3 CVSS · 0.00286 EPSS
Exploits: 2 · References: 1

Prion
added 2022/11/07 10:15 a.m. · 20 views

Cross site request forgery (csrf)

The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack...

4.3 CVSS · 4.6 AI score · 0.00286 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/11/07 12:0 a.m. · 5 views

PT-2022-16302 · WordPress · Easy Digital Downloads

Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads WordPress plugin versions prior to 3.0 Description: The issue arises from the lack of a CSRF check when deleting payment history, and the failure to verify that the post to be deleted is actually a payment history. This...

4.3 CVSS · 4.6 AI score · 0.00286 EPSS
Exploits: 2 · References: 6