Lucene search
K

98 matches found

Vulnrichment
Vulnrichment
•added 2026/03/24 6:14 p.m.•6 views

CVE-2026-33421 Parse Server: LiveQuery bypasses CLP pointer permission enforcement

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.53 and 9.6.0-alpha.42, Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission CLP pointer permissions readUserFields and pointerFields. Any...

7.1CVSS5.7AI score0.00397EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/03/20 12:0 a.m.•8 views

PT-2026-26759

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.53 Parse Server versions prior to 9.6.0-alpha.42 Description Parse Server’s LiveQuery WebSocket interface did not enforce Class-Level Permission CLP pointer permissions readUserFields and pointerFields...

7.1CVSS5.8AI score0.00397EPSS
Exploits0References9
EUVD
EUVD
•added 2026/03/11 9:31 p.m.•5 views

EUVD-2019-19754

Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the User Name and Registration Code field to...

6.9CVSS6.1AI score0.00123EPSS
Exploits0References3
OSV
OSV
•added 2026/03/03 1:29 p.m.•4 views

BIT-DISCOURSE-2026-26265 Discourse has IDOR vulnerability in the directory items endpoint

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

7.5CVSS6AI score0.00266EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/02/27 7:44 p.m.•5 views

CVE-2026-26265

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

7.5CVSS6AI score0.00266EPSS
Exploits0References1
NVD
NVD
•added 2026/02/26 4:24 p.m.•15 views

CVE-2026-26265

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

7.5CVSS0.00266EPSS
Exploits0References1
CVE
CVE
•added 2026/02/26 3:10 p.m.•32 views

CVE-2026-26265

Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 expose an IDOR in the directory items endpoint (GET /directory_items.json?period=all&user_field_ids=...). The DirectoryItemsController#index accepts arbitrary user_field_ids without proper authorization, bypassing visibility controls a...

7.5CVSS5.7AI score0.00266EPSS
Exploits0References1Affected Software1
EUVD
EUVD
•added 2026/02/26 3:10 p.m.•4 views

EUVD-2026-8859

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

7.5CVSS5.7AI score0.00266EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/02/26 3:10 p.m.•23 views

CVE-2026-26265 Discourse has IDOR vulnerability in the directory items endpoint

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

7.5CVSS0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/02/26 3:10 p.m.•3 views

CVE-2026-26265 Discourse has IDOR vulnerability in the directory items endpoint

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

7.5CVSS6AI score0.00266EPSS
Exploits0References1
OSV
OSV
•added 2026/02/26 3:10 p.m.•5 views

CVE-2026-26265 Discourse has IDOR vulnerability in the directory items endpoint

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

7.5CVSS6AI score0.00266EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/02/26 3:10 p.m.•5 views

CVE-2026-26265

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

7.5CVSS5.7AI score0.00266EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
•added 2026/02/26 12:0 a.m.•13 views

PT-2026-22156

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse is an open source discussion platform. An IDOR vulnerability exists in the directory items endpoint, allowing...

7.5CVSS5.9AI score0.00266EPSS
Exploits0References8
Patchstack
Patchstack
•added 2026/01/30 5:6 a.m.•7 views

WordPress Paid Memberships Pro plugin < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure vulnerability

Contributor+ Arbitrary User Custom Field Disclosure vulnerability discovered by Scott Kingsley Clark in WordPress Plugin Paid Memberships Pro versions 2.12.9...

4.3CVSS5.9AI score0.00548EPSS
Exploits2References1Affected Software1
RedhatCVE
RedhatCVE
•added 2026/01/09 11:37 a.m.•5 views

CVE-2003-1031

Cross-site scripting XSS vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as 1 "Interests-Hobbies", 2 "Biography", or 3 "Occupation."...

4.3CVSS6AI score0.01394EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2025/11/19 9:9 a.m.•7 views

CVE-2025-26391

SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account...

5.4CVSS6.5AI score0.00395EPSS
Exploits0References1
OSV
OSV
•added 2025/11/17 5:15 p.m.•4 views

CVE-2024-44652

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail, username, userfirstname, userlastname, and useraddress parameters in userregister.php...

6.5CVSS5.8AI score0.00215EPSS
Exploits1References2
EUVD
EUVD
•added 2025/11/06 6:32 p.m.•6 views

EUVD-2025-38110

Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through = 2.1.2...

6.4AI score0.00415EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2025/10/28 2:34 p.m.•4 views

CVE-2025-34316 IPFire < v2.29 Stored XSS via Mail Server Settings

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txtmailuser and txtmailpass parameters when updating the mail server settings. When a user updates the mail...

5.1CVSS5.7AI score0.00453EPSS
Exploits0References3
EUVD
EUVD
•added 2025/10/07 12:30 a.m.•5 views

EUVD-2017-6673

Malware in sbrugna...

5.4CVSS5.5AI score0.00805EPSS
Exploits0References5
Rows per page
Query Builder