7 matches found

NVD
added 2026/05/28 8:16 a.m. | 9 views

CVE-2026-7651

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...

CVSS 5.3 | EPSS 0.0004
Exploits: 0 | References: 5
CVE
added 2026/05/19 10:45 p.m. | 9 views

CVE-2026-34744

Vulnerability summary (CVE-2026-34744) MantisBT (Mantis Bug Tracker) prior to version 2.28.2 is affected by an authorization bypass where a user can list and download their own attachments from an issue created by another user after the issue becomes private, bypassing read access revocation. The...

CVSS 5.3 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 3
OSV
added 2023/09/28 6:30 a.m. | 13 views

GHSA-896V-PH5W-379H Economizzer Insecure Direct Object Reference vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...

CVSS 3.7 | AI score 4 | EPSS 0.00297
Exploits: 1 | References: 5
NVD
added 2023/09/28 4:15 a.m. | 6 views

CVE-2023-38872

An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...

CVSS 3.7 | AI score 4.2 | EPSS 0.00297
Exploits: 1 | References: 3
Code423n4
added 2022/05/26 12:0 a.m. | 4 views

Lack of check could cause loss of user funds

Lines of code Vulnerability details Impact The increaseamount function is currently missing check for attachments and voted. Any amount provided will get added to existing amount. The increased amount will get stuck during withdraw if attachmentstokenId != 0 or votedtokenId Proof of Concept 1. Us...

AI score 6.9
Exploits: 0
CNVD
added 2020/05/08 12:0 a.m. | 6 views

Serpico Information Disclosure Vulnerability

Serpico is a penetration test report generation and collaboration tool from the Serpico project. An information disclosure vulnerability exists in Serpico versions prior to 1.3.3. The vulnerability stems from the fact that an authenticated non-administrative user can request the...

CVSS 6.5 | AI score 6.1 | EPSS 0.00457
Exploits: 0 | References: 1
Cvelist
added 2005/02/20 5:0 a.m. | 16 views

CVE-2004-1672

attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request...

AI score 6.7 | EPSS 0.01048
Exploits: 1 | References: 4