Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to u
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorizatio
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies
Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When
Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror’s rendering process that leads to a Stored Cross-Site Scripting (XSS) vulnerability in Outline
Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or e
Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which facilitates local file system storage capabilities as an optiona
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken auth
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, the Outline comment section permits users to mention other users; however, the backend does not validate or sani
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments[].key from the imported JSON is passed directly to path.join(
CVE-2026-33640
CRITICAL CVSS 9.1
Find Similar
Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate requested OAuth scopes, causing th
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authent
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-le
CVE-2024-27113
CRITICAL CVSS 9.3
Find Similar
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulner
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticate
Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Obje
Page 1+ Next →