
21927 matches found

CVE
added 2026/04/21 8:35 p.m. | 9 views

CVE-2026-34281

CVE-2026-34281 concerns Oracle Solaris 11.4, specifically a vulnerability in the Kernel component. Affects the kernel on Oracle Solaris 11.4; exploitation requires low privileges and local logon. Successful exploitation can lead to a hang or frequently repeatable crash (complete DoS) of Oracle So...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00116
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/21 8:35 p.m. | 34 views

CVE-2026-34267

...

CVSS: 4.9 | EPSS: 0.00323
Exploits: 0 | References: 1

Cvelist
added 2026/04/21 8:35 p.m. | 35 views

CVE-2026-22016

...

CVSS: 7.5 | EPSS: 0.00702
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/21 8:35 p.m. | 2 views

CVE-2026-22010

...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00307
Exploits: 0 | References: 1

Cvelist
added 2026/04/21 8:35 p.m. | 34 views

CVE-2026-22007

...

CVSS: 2.9 | EPSS: 0.00124
Exploits: 0 | References: 1

CVE
added 2026/04/21 8:35 p.m. | 16 views

CVE-2026-22003

CVE-2026-22003 affects Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition. Affected: Oracle Java SE 8u481 and 8u481-b50; GraalVM EE 21.3.17. The vulnerability allows a low-privilege, locally authenticated attacker to compromise the runtime and may lead to unauthorized data modificatio...

CVSS: 6 | AI score: 5.8 | EPSS: 0.00101
Exploits: 0 | References: 1 | Affected Software: 3

CVE
added 2026/04/21 8:34 p.m. | 41 views

CVE-2026-21998

Oracle MySQL Server (Server: Optimizer) is affected. Affected versions: 8.0.0–8.0.45, 8.4.0–8.4.8, and 9.0.0–9.6.0. The vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or crash (DoS). CVSS 3.1 base score is 4.9 (Availability impact). Expl...

CVSS: 4.9 | AI score: 5.7 | EPSS: 0.00323
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/21 8:34 p.m. | 36 views

CVE-2026-21997

...

CVSS: 8.5 | EPSS: 0.00202
Exploits: 0 | References: 1

NVD
added 2026/04/21 8:17 p.m. | 8 views

CVE-2026-40907

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint plugin/Live/view/Live_restreams/list.json.php contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream...

CVSS: 6.5 | EPSS: 0.00269
Exploits: 1 | References: 2

CVE
added 2026/04/21 7:50 p.m. | 14 views

CVE-2026-40907

Summary: WWBN AVideo 29.0 and earlier contains an Insecure Direct Object Reference (IDOR) in the endpoint plugin/Live/view/Live_restreams/list.json.php. This allows any authenticated user with streaming permission to view other users’ live restream configurations, exposing third‑party platform st...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00269
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/04/21 7:50 p.m. | 33 views

CVE-2026-40907 WWBN AVideo has IDOR in Live Restreams list.json.php that Exposes Other Users' Stream Keys and OAuth Tokens

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint plugin/Live/view/Live_restreams/list.json.php contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream...

CVSS: 6.5 | EPSS: 0.00269
Exploits: 1 | References: 2

NVD
added 2026/04/21 7:16 p.m. | 13 views

CVE-2026-40865

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...

CVSS: 7.1 | EPSS: 0.0014
Exploits: 0 | References: 1

NVD
added 2026/04/21 7:16 p.m. | 3 views

CVE-2026-40866

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload...

CVSS: 8.6 | EPSS: 0.00207
Exploits: 0 | References: 1

EUVD
added 2026/04/21 6:31 p.m. | 11 views

EUVD-2026-24199

An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...

CVSS: 9 | AI score: 5.8 | EPSS: 0.0044
Exploits: 1 | References: 2

Vulnrichment
added 2026/04/21 6:15 p.m. | 2 views

CVE-2026-40866 Horilla: Unauthorized Document Overwrite via File Upload Endpoint

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00207
Exploits: 0 | References: 1

CVE
added 2026/04/21 6:15 p.m. | 11 views

CVE-2026-40866

Horilla HRMS (version 1.5.0) contains an insecure direct object reference vulnerability in the employee document upload endpoint. An authenticated user can overwrite, replace, or corrupt another employee’s document by altering the document ID in the upload request, leading to unauthorized modific...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00207
Exploits: 0 | References: 1

EUVD
added 2026/04/21 6:15 p.m. | 7 views

EUVD-2026-24234

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00207
Exploits: 0 | References: 1

CVE
added 2026/04/21 6:14 p.m. | 17 views

CVE-2026-40865

Horilla HRMS 1.5.0 contains an insecure direct object reference in the employee document viewer. An authenticated user can access other employees’ uploaded documents by altering the document ID parameter, exposing identity documents, contracts, certificates, and other private records. The PT-2026...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.0014
Exploits: 0 | References: 1

Cvelist
added 2026/04/21 6:14 p.m. | 31 views

CVE-2026-40865 Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>`

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...

CVSS: 7.1 | EPSS: 0.0014
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/21 6:14 p.m. | 3 views

CVE-2026-40865 Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>`

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.0014
Exploits: 0 | References: 1