48 matches found

EUVD
added 2026/04/08 9:31 a.m. | 2 views

EUVD-2026-20127

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpas_get_ticket_replies_ajax function failing to verify whether the authenticated user has permission to view th...

CVSS 5.3 | AI score 5.9 | EPSS 0.00051
Exploits: 0 | References: 7

NVD
added 2026/04/08 8:16 a.m. | 4 views

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpas_get_ticket_replies_ajax function failing to verify whether the authenticated user has permission to view th...

CVSS 5.3 | EPSS 0.00051
Exploits: 0 | References: 6

CVE
added 2026/04/08 7:43 a.m. | 4 views

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin for WordPress is affected by an Insecure Direct Object Reference in versions up to and including 6.3.7. The vulnerability stems from wpas_get_ticket_replies_ajax() not verifying that the authenticated user has permission to view the reques...

CVSS 5.3 | AI score 5.9 | EPSS 0.00051
Exploits: 0 | References: 6

ATTACKERKB
added 2026/04/08 7:43 a.m. | 2 views

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpas_get_ticket_replies_ajax function failing to verify whether the authenticated user has permission to view th...

CVSS 5.3 | AI score 5.9 | EPSS 0.00051
Exploits: 0 | References: 7

EUVD
added 2025/11/21 3:31 p.m. | 1 view

EUVD-2025-198487

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'ehcrmticketsingleviewclient' due to missing validation on a user controlled key. This makes it possible for...

CVSS 4.3 | AI score 5.1 | EPSS 0.00034
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/16 7:59 a.m. | 2 views

CVE-2025-41020 Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito

Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticketa4.php'...

CVSS 7.1 | AI score 6.5 | EPSS 0.00046
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2006-4381

Malware in sbrugna...

CVSS 3.7 | AI score 6.4 | EPSS 0.00077
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-18743

Malware in sbrugna...

CVSS 5.5 | AI score 5.6 | EPSS 0.00117
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-12602

Malware in sbrugna...

CVSS 4.3 | AI score 4.8 | EPSS 0.00326
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-6366

Malware in sbrugna...

CVSS 5.5 | AI score 5.5 | EPSS 0.00144
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/03 8:35 p.m. | 1 view

CVE-2025-10696 OpenSupports 4.11.0 — Insecure Direct Object Reference in supervised list

OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party (the target user), who can then view the...

CVSS 7.1 | AI score 6.4 | EPSS 0.00038
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2024-52176

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.5 | EPSS 0.00257
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2024-21247

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.6 | EPSS 0.00146
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/22 7:33 a.m. | 2 views

CVE-2025-10658

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers ...

CVSS 6.5 | AI score 6.2 | EPSS 0.00559
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/20 12:00 a.m. | 2 views

PT-2025-38633

Name of the Vulnerable Software and Affected Versions: SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress versions up to and including 3.3.7. Description: The SupportCandy plugin for WordPress is susceptible to authentication bypass due to missing rate limiting on One-Time...

CVSS 6.5 | AI score 6.5 | EPSS 0.00559
Exploits: 0 | References: 6

Tenable Nessus
added 2025/08/27 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-13457

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their...

CVSS 4.3 | AI score 5.5 | EPSS 0.00443
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 4:29 a.m. | 5 views

CVE-2023-50457

An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions...

CVSS 4.3 | AI score 6.9 | EPSS 0.00134
Exploits: 0

RedhatCVE
added 2025/05/22 11:01 p.m. | 5 views

CVE-2022-3511

The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector...

CVSS 6.5 | AI score 6.8 | EPSS 0.00584
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 9:04 p.m. | 5 views

CVE-2009-5056

Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the moveinto permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-ticket...

CVSS 2.1 | AI score 6.5 | EPSS 0.0016
Exploits: 1 | References: 1

OSV
added 2025/05/08 4:15 p.m. | 2 views

DEBIAN-CVE-2025-26842

An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog...

CVSS 7.5 | AI score 5.3 | EPSS 0.00287
Exploits: 0 | References: 1