
90 matches found

Packet Storm News
added 2025/07/21 12:00 a.m., 5 views

Ai2 Insecure Direct Object Reference

Ai2 is a Seattle-based non-profit AI research institute. Ai2 provides a playground web application to chat that is susceptible to an insecure direct object reference vulnerability. An attacker can exploit this IDOR to tamper with other users' conversation...

CVSS 8.8, AI score 6.8, EPSS 0.00367
Exploits 0
RedhatCVE
added 2025/05/22 4:37 a.m., 5 views

CVE-2019-15786

ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket...

CVSS 9.8, AI score 7.5, EPSS 0.01589
Exploits 0, References 1
OpenVAS
added 2025/05/13 12:00 a.m., 12 views

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2025-1510)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8, AI score 7.5, EPSS 0.00806
Exploits 0, References 2
Circl
added 2025/03/15 10:30 p.m., 6 views

CVE-2025-2360

creationtimestamp | type | source
---|---|---
2025-03-15 22:30:34+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/114168812896511888
2025-03-17 04:46:06+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/7735
2025-03-17 06:00:34+00:00 | seen | ...

CVSS 9.8, AI score 7.3, EPSS 0.03768
Exploits 1, References 4
CVE
added 2025/02/26 2:24 a.m., 89 views

CVE-2022-49719

CVE-2022-49719 affects the Linux kernel realview GIC implementation. The root cause is a refcount leak in realview_gic_of_init caused by of_find_matching_node_and_match() returning a node pointer with an incremented refcount without a corresponding of_node_put() when it is no longer needed. The f...

CVSS 5.5, AI score 5.3, EPSS 0.0025
Exploits 0, References 8, Affected Software 1
CNNVD
added 2024/12/13 12:00 a.m., 2 views

WordPress plugin Rate My Post – Star Rating Plugin by FeedbackWP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

CVSS 5.3, AI score 8.4, EPSS 0.00303
Exploits 0, References 2
Positive Technologies
added 2024/11/08 12:00 a.m., 7 views

PT-2024-39521 · WordPress · The User Meta

Name of the Vulnerable Software and Affected Versions: The User Meta – User Profile Builder and User management plugin for WordPress versions up to, and including, 3.1 Description: The issue is related to Insecure Direct Object Reference, which can be exploited by authenticated attackers with...

CVSS 6.5, AI score 6.3, EPSS 0.00409
Exploits 0, References 6
Patchstack
added 2024/09/04 3:49 a.m., 5 views

WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Insecure Direct Object Reference vulnerability

Insecure Direct Object Reference vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 3.0.8...

CVSS 5.4, AI score 7, EPSS 0.00309
Exploits 0, References 1, Affected Software 1
Zero Day Initiative
added 2024/08/05 12:00 a.m., 6 views

Microsoft PowerShell Reference for Office Products officedocs-cdn Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerShell Reference for Office Products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of PowerShell Reference for Office...

CVSS 9.8, AI score 7.7
Exploits 0, References 1
OSV
added 2024/03/06 11:16 a.m., 38 views

BIT-GITLAB-2022-1352

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...

CVSS 5.3, AI score 5.4, EPSS 0.01242
Exploits 0, References 4
SUSE CVE
added 2023/02/15 3:33 a.m., 3 views

SUSE CVE-2022-1972

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2078. Reason: This candidate is a reservation duplicate of CVE-2022-2078. Notes: All CVE users should reference CVE-2022-2078 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental...

CVSS 7, AI score 7
Exploits 1, References 21
Prion
added 2022/10/17 4:15 p.m., 24 views

Design/Logic Flaw

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...

CVSS 4, AI score 4.2, EPSS 0.00578
Exploits 1, References 3, Affected Software 1
CVE
added 2022/08/05 3:09 p.m., 117 views

CVE-2022-2499

GitLab EE Jira integration contains an insecure direct object reference vulnerability that may allow an attacker to leak Jira issues. Affected GitLab EE versions: 13.10–15.0.4, 15.1–15.1.3, and 15.2–15.2.0. Root cause is an insecure direct object reference in the Jira integration. Remediation by ...

CVSS 4.3, AI score 4.4, EPSS 0.00708
Exploits 0, References 3, Affected Software 1
OSV
added 2022/07/09 12:00 a.m., 18 views

GHSA-4V4P-87M3-5423 Known v1.3.1 contains Insecure Direct Object Reference

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...

CVSS 4.3, AI score 4.6, EPSS 0.00736
Exploits 1, References 4
Prion
added 2022/02/02 6:15 p.m., 21 views

Design/Logic Flaw

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer...

CVSS 6.4, AI score 9.1, EPSS 0.02093
Exploits 1, References 7, Affected Software 1
CNNVD
added 2022/02/02 12:00 a.m., 5 views

PrinterLogic Web Stack security vulnerability

PrinterLogic Web Stack (PrinterLogic Printer Installer) is a native web application from PrinterLogic USA, Inc. that enables the IT department to manage and automate the creation/propagation of PrinterObjects and printer drivers across print environments from a single management console. PrinterLogic W...

CVSS 7.5, AI score 5.6, EPSS 0.01408
Exploits 1, References 8
OSV
added 2022/01/21 11:43 p.m., 1 view

GHSA-75VW-3M5V-FPRH corenlp is vulnerable to Improper Restriction of XML External Entity Reference

corenlp is vulnerable to Improper Restriction of XML External Entity Reference...

CVSS 9.8, AI score 6.7, EPSS 0.01217
Exploits 1, References 7
Cvelist
added 2021/12/20 10:52 p.m., 16 views

CVE-2020-3708

...

Exploits 0
NVD
added 2021/11/30 9:15 p.m., 14 views

CVE-2021-36329

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...

CVSS 6.5, EPSS 0.00675
Exploits 0, References 1
Prion
added 2021/08/30 6:15 p.m., 20 views

Deserialization of untrusted data

The vRealize Operations Manager API 8.x prior to 8.5 has an insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users' information, leading to an account takeover...

CVSS 6.5, AI score 6.8, EPSS 0.00999
Exploits 1, References 1, Affected Software 3