Search Results (1955 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-56781 1 Teableio 1 Teable 2026-06-29 5.3 Medium
Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from share metadata and specify them in projection parameters to read field values that are intended to be restricted from public view.
CVE-2025-66123 2 About Envato, Wordpress 2 Bookpro, Wordpress 2026-06-29 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions.
CVE-2026-54839 2 Kingaddons, Wordpress 2 Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups, Wordpress 2026-06-29 7.5 High
Unauthenticated Sensitive Data Exposure in Trinity Backup &#8211; Backup, Migrate, Restore, Clone &amp; Schedule Backups <= 2.0.9 versions.
CVE-2026-56069 2 Site Building With Toolset, Wordpress 2 Toolset Forms, Wordpress 2026-06-29 7.5 High
Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions.
CVE-2026-57665 2 Gravitykit, Wordpress 2 Gravityview, Wordpress 2026-06-29 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
CVE-2026-56048 1 Wordpress 2 Payment Gateway Based Fees And Discounts For Woocommerce, Wordpress 2026-06-29 6.5 Medium
Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0 versions.
CVE-2026-57630 2 Creativethemes, Wordpress 2 Blocksy Companion, Wordpress 2026-06-29 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions.
CVE-2026-57943 1 Librephotos Project 1 Librephotos 2026-06-29 5.9 Medium
LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate shared_to relations without proper owner checks to read arbitrary private photos belonging to other users.
CVE-2026-10820 2 Properfraction, Wordpress 2 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – Profilepress, Wordpress 2026-06-29 8.1 High
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user (Subscriber+) to cancel other users' active subscriptions via an Insecure Direct Object Reference.
CVE-2026-11987 2 Dokaninc, Wordpress 2 Dokan: Ai Powered Woocommerce Multivendor Marketplace Solution – Build Your Own Amazon, Ebay, Etsy, Wordpress 2026-06-29 4.3 Medium
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to read any other vendor's products — including unpublished draft and pending listings — exposing product names, prices, SKUs, and descriptions belonging to other vendors. The permission callbacks for both the collection endpoint and the single-item endpoint only verify the generic vendor capability ('dokan_view_product_menu' / 'dokandar'), which every vendor holds, rather than confirming the requested author ID or product ownership matches the authenticated user.
CVE-2026-56013 2 Mycred, Wordpress 2 License Manager For Woocommerce, Wordpress 2026-06-29 6.5 Medium
Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.
CVE-2026-54826 2 Psm Plugins, Wordpress 2 Supportcandy, Wordpress 2026-06-29 7.6 High
Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions.
CVE-2026-52779 1 Opf 1 Openproject 2026-06-29 5.4 Medium
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusion in the Calendar and Team Planner modules allows a user with management permissions in one project to delete public Calendar or Team Planner Queries from another project where they do not have the corresponding management permissions. Both modules authorize the request against the project identified by :project_id in the URL, but the actual Query object is loaded later by :id from Query.visible(current_user) without verifying that the loaded Query belongs to the authorized project. As a result, an attacker can use permissions from Project A to delete shared/public Calendar or Team Planner views from Project B, causing integrity impact and limited availability impact for users relying on those shared views. This vulnerability is fixed in 17.3.3 and 17.4.1.
CVE-2026-13534 1 Cherryhq 1 Cherry-studio 2026-06-29 5 Medium
A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be initiated remotely. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit is now public and may be used. The vendor explains, that "[m]emory is planned to be removed in v2 version."
CVE-2026-44731 1 Opf 1 Openproject 2026-06-29 4.3 Medium
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user accounts by probing user IDs and observing differences in the server response. This vulnerability is fixed in 17.3.2 and 17.4.0.
CVE-2026-44732 1 Opf 1 Openproject 2026-06-29 4.3 Medium
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenProject exposes a document update endpoint used to modify existing documents. The target document is loaded with visibility checks and then updated. During update, attacker-controlled attributes are applied to the persisted record before authorization is enforced. As a result, a user without :manage_documents in the source project can move and modify foreign project documents by setting project_id in a single PATCH request. This vulnerability is fixed in 17.3.2 and 17.4.0.
CVE-2026-49355 1 Opf 1 Openproject 2026-06-29 4.3 Medium
OpenProject is open-source, web-based project management software. Prior to 17.4.0, `GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id` discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0.
CVE-2026-52782 1 Opf 1 Openproject 2026-06-29 9.9 Critical
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_project_storage[project_folder_id]" leads to Access to Unauthorized Resources. A project-admin in one project can hijack the managed Nextcloud or OneDrive folder of another project on the same storage by writing the victim project's project_folder_id into the attacker's Storages::ProjectStorage row. The next managed-folder sync overwrites the ACL on the referenced folder with the attacker project's user list. This vulnerability is fixed in 17.3.3 and 17.4.1.
CVE-2026-13549 1 Codeastro 1 Complaint Management System 2026-06-29 5.4 Medium
A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected element is the function deletereport of the file application/controllers/Report.php of the component Report Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-44736 1 Opf 1 Openproject 2026-06-27 6.5 Medium
OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations — and the subject (title) of work packages they have no permission to view — by supplying an arbitrary work package ID in the involved, fromId, or toId filter. This bypasses the Relation.visible scope due to a flawed performance optimization in RelationQuery. This vulnerability is fixed in 17.4.0.