Lucene search
K

3502 matches found

CNNVD
CNNVD
added 2025/11/19 12:0 a.m.5 views

Rallly 安全漏洞

Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in Rallly versions prior to 4.5.4 that stems from an insecure direct object reference in the participant deletion feature,...

8.1CVSS6.4AI score0.00289EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.6 views

Rallly 安全漏洞

Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in versions of Rallly prior to 4.5.4 that stems from an insecure direct object reference in the vote modification feature,...

6.5CVSS6.5AI score0.00224EPSS
Exploits1References3
Patchstack
Patchstack
added 2025/11/18 11:45 p.m.9 views

WordPress SiteSEO – SEO Simplified plugin <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure vulnerability

Insecure Direct Object Reference to Sensitive Post Meta Disclosure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin SiteSEO versions = 1.3.2...

4.3CVSS7AI score0.00207EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/18 10:27 p.m.7 views

WordPress YITH WooCommerce Wishlist plugin <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename vulnerability

Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin YITH WooCommerce Wishlist versions = 4.10.0...

5.3CVSS7AI score0.00242EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/11/18 6:43 a.m.9 views

CVE-2025-12524 Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change

The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...

5.4CVSS0.0025EPSS
Exploits0References6
CVE
CVE
added 2025/11/18 12:0 a.m.10 views

CVE-2025-63513

CVE-2025-63513 affects kishan0725 Hospital Management System v4 with an Insecure Direct Object Reference (IDOR) in the appointment cancellation feature. The vulnerability allows unauthorized access to appointment-related operations without proper authorization checks, per Red Hat and CVE listings...

6.5CVSS6.6AI score0.00235EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/11/18 12:0 a.m.4 views

EUVD-2025-198032

kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference IDOR vulnerability in the appointment cancellation functionality...

6.5AI score0.00235EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/18 12:0 a.m.3 views

CVE-2025-63513

kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference IDOR vulnerability in the appointment cancellation functionality...

6.6AI score0.00235EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.5 views

Hospital Management System 安全漏洞

Hospital Management System is a hospital management software by Pon Aravind Boominathan Individual Developer. A security vulnerability exists in Hospital Management System version v4, which stems from an insecure direct object reference in the Appointment Cancellation feature that could lead to...

6.5CVSS6.6AI score0.00235EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/14 6:2 p.m.6 views

CVE-2025-64706

Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference IDOR vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...

5CVSS6.8AI score0.00208EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/14 2:3 p.m.8 views

CVE-2025-41069

Insecure Direct Object Reference IDOR vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in...

5.3CVSS6.8AI score0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/13 10:34 p.m.7 views

EUVD-2025-150363

File Browser is Vulnerable to Insecure Direct Object Reference IDOR in Share Deletion Function...

7.2CVSS6.3AI score0.00384EPSS
Exploits1References3
OSV
OSV
added 2025/11/13 10:34 p.m.3 views

GHSA-6CQF-CFHV-659G File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function

Summary It has been found an Insecure Direct Object Reference IDOR vulnerability in the FileBrowser application's share deletion functionality. This vulnerability allows any authenticated user with share permissions to delete other users' shared links without authorization checks. The impact is...

8.8CVSS6.5AI score0.00384EPSS
Exploits1References4
NVD
NVD
added 2025/11/13 6:15 p.m.9 views

CVE-2025-64706

Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference IDOR vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...

7.5CVSS0.00208EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/13 5:49 p.m.7 views

EUVD-2025-175346

Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference IDOR vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...

5CVSS6.3AI score0.00208EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/13 5:49 p.m.19 views

CVE-2025-64706 Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure

Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference IDOR vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...

5CVSS0.00208EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/13 3:30 p.m.6 views

EUVD-2025-169288

Insecure Direct Object Reference IDOR vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in...

5.3CVSS6.2AI score0.0022EPSS
Exploits0References2
NVD
NVD
added 2025/11/13 2:15 p.m.6 views

CVE-2025-41069

Insecure Direct Object Reference IDOR vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in...

5.3CVSS0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/13 5:7 a.m.13 views

CVE-2025-12087

The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the 'awwlmremoveaddedwishlistpage' AJAX action due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.6AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2025/11/13 4:15 a.m.7 views

CVE-2025-12366

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.5 via the pagelayerreplacepage function due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS0.00213EPSS
Exploits0References3
Rows per page
Query Builder