Lucene search
K

6 matches found

Cvelist
Cvelist
added 2025/07/18 8:48 a.m.27 views

CVE-2025-6226 IDOR in CreatePost API allows for timeboxed message disclosure

Mattermost versions 10.5.x = 10.5.6, 10.8.x = 10.8.1, 10.7.x = 10.7.3, 9.11.x = 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of...

6.5CVSS0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/21 8:50 a.m.8 views

CVE-2023-0453 WP Private Message < 1.0.6 - Private Message Disclosure via IDOR

The WP Private Message WordPress plugin bundled with the Superio theme as a required plugin before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by...

4.5AI score0.00551EPSS
Exploits2References2
Cvelist
Cvelist
added 2023/02/21 8:50 a.m.24 views

CVE-2023-0453 WP Private Message < 1.0.6 - Private Message Disclosure via IDOR

The WP Private Message WordPress plugin bundled with the Superio theme as a required plugin before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by...

4.8AI score0.00551EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/08/22 3:0 p.m.32 views

CVE-2022-2198 WPQA < 5.7 - Subscriber+ Private Message Disclosure via IDOR

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...

4.8AI score0.00609EPSS
Exploits1References1
Patchstack
Patchstack
added 2022/04/21 12:0 a.m.31 views

WordPress WPQA - Builder forms Addon plugin < 5.2 - Private Message Disclosure via IDOR vulnerability

Private Message Disclosure via IDOR vulnerability discovered by Veshraj Ghimire in WordPress WPQA - Builder forms Addon plugin versions 5.2. Solution Update the WordPress WPQA - Builder forms Addon plugin to the latest available version at least 5.2...

4.3CVSS3.6AI score0.00756EPSS
Exploits1References3Affected Software1
Cent OS
Cent OS
added 2015/07/26 2:12 p.m.62 views

mailman security update

CentOS Errata and Security Advisory CESA-2015:1417 Updated mailman packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...

7.6CVSS7.2AI score0.07964EPSS
Exploits1References7
Rows per page
Query Builder