CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2005-4137

Malware in sbrugna...

7.5CVSS6.4AI score0.01867EPSS

Exploits1References8

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-48405

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.0014EPSS

Exploits0References2

NVD•added 2025/01/30 11:15 a.m.•5 views

CVE-2025-0739

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to show subscription's information of others users by changing the "SUSCBRIPTIONID" param of the endpoint "/demos/embedai/subscriptions/show/"...

8.6CVSS0.00082EPSS

Exploits0References1

Veracode•added 2025/01/09 4:33 a.m.•5 views

Insecure Direct Object Reference (IDOR)

Khoj is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to the improper implementation of access controls in the updatesubscription endpoint, where the system fails to enforce authorization checks to ensure that only the owner of a subscription can modify it, allowin...

4.3CVSS6.4AI score0.00115EPSS

Exploits0References4Affected Software1

Github Security Blog•added 2024/12/30 4:12 p.m.•22 views

khoj has an IDOR in subscription management allows unauthorized subscription modifications

Summary An Insecure Direct Object Reference IDOR vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the request. Details The vulnerability exists in the subscription endpoint at...

4.3CVSS7AI score0.00115EPSS

Exploits0References4Affected Software1

NVD•added 2024/06/21 4:15 a.m.•17 views

CVE-2024-3961

The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...

5.3CVSS0.00296EPSS

Exploits0References2

Vulnrichment•added 2024/02/05 9:21 p.m.•6 views

CVE-2024-0797 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Missing Authorization

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible fo...

4.3CVSS6.7AI score0.00134EPSS

Exploits0References2

OSV•added 2020/12/22 5:15 p.m.•0 views

CVE-2019-11785

Improper access control in mail module followers in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages...

4.3CVSS6.5AI score

Exploits0References1

Hacker One•added 2020/04/18 9:49 p.m.•26 views

Semrush: Broken validation of user Id for JWT Token

Traffic Analytics Tool TA uses JWT tokens to store user subscription information without any kind of personal information. JWT tokens are created by passing a user ID. There was an error with validation of user Id for JWT token...

6.6AI score

Exploits0

Citrix•added 2018/12/07 12:0 a.m.•5 views

App Shortcuts with Receiver for Windows

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. As a Receiver administrator, you can configure Receiver for Windows 4.x to automatically place...

6.9AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by