3502 matches found
Rallly 安全漏洞
Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in Rallly versions prior to 4.5.4 that stems from an insecure direct object reference in the participant deletion feature,...
Rallly 安全漏洞
Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in versions of Rallly prior to 4.5.4 that stems from an insecure direct object reference in the vote modification feature,...
WordPress SiteSEO – SEO Simplified plugin <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure vulnerability
Insecure Direct Object Reference to Sensitive Post Meta Disclosure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin SiteSEO versions = 1.3.2...
WordPress YITH WooCommerce Wishlist plugin <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename vulnerability
Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin YITH WooCommerce Wishlist versions = 4.10.0...
CVE-2025-12524 Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change
The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...
CVE-2025-63513
CVE-2025-63513 affects kishan0725 Hospital Management System v4 with an Insecure Direct Object Reference (IDOR) in the appointment cancellation feature. The vulnerability allows unauthorized access to appointment-related operations without proper authorization checks, per Red Hat and CVE listings...
EUVD-2025-198032
kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference IDOR vulnerability in the appointment cancellation functionality...
CVE-2025-63513
kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference IDOR vulnerability in the appointment cancellation functionality...
Hospital Management System 安全漏洞
Hospital Management System is a hospital management software by Pon Aravind Boominathan Individual Developer. A security vulnerability exists in Hospital Management System version v4, which stems from an insecure direct object reference in the Appointment Cancellation feature that could lead to...
CVE-2025-64706
Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference IDOR vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...
CVE-2025-41069
Insecure Direct Object Reference IDOR vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in...
EUVD-2025-150363
File Browser is Vulnerable to Insecure Direct Object Reference IDOR in Share Deletion Function...
GHSA-6CQF-CFHV-659G File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function
Summary It has been found an Insecure Direct Object Reference IDOR vulnerability in the FileBrowser application's share deletion functionality. This vulnerability allows any authenticated user with share permissions to delete other users' shared links without authorization checks. The impact is...
CVE-2025-64706
Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference IDOR vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...
EUVD-2025-175346
Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference IDOR vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...
CVE-2025-64706 Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure
Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference IDOR vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...
EUVD-2025-169288
Insecure Direct Object Reference IDOR vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in...
CVE-2025-41069
Insecure Direct Object Reference IDOR vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in...
CVE-2025-12087
The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the 'awwlmremoveaddedwishlistpage' AJAX action due to missing validation on a user controlled key. This makes it possible for...
CVE-2025-12366
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.5 via the pagelayerreplacepage function due to missing validation on a user controlled key. This makes it possible for...