Lucene search
K

3461 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/22 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-50340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of oth...

4.3CVSS5.9AI score0.00304EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-1042

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2...

7.5CVSS5.5AI score0.00406EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/21 5:34 p.m.4 views

CVE-2025-7051 N-central Syslog Configuration Insecure Direct Object Reference

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2...

8.3CVSS7AI score0.00255EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/20 8:3 a.m.9 views

CVE-2025-53208 WordPress Maya Business <= 1.2.0 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business paymaya-checkout-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maya Business: from n/a through = 1.2.0...

7.5CVSS0.0034EPSS
Exploits0References1
Redos
Redos
added 2025/08/19 12:0 a.m.4 views

ROS-20250819-01

Moodle virtual learning environment vulnerability related to IDOR issue in Feedback report. Exploitation The vulnerability could allow an attacker acting remotely to gain unauthorized access to features that would otherwise be restricted. functions that would otherwise be limited to Vulnerability...

7.5CVSS6.9AI score0.00597EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/08/18 3:30 p.m.7 views

Liferay Portal Vulnerable to Insecure Direct Object Reference

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...

4.8CVSS7.2AI score0.00231EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2025/08/18 2:15 p.m.14 views

CVE-2025-4962

An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

7.7CVSS0.00217EPSS
Exploits0References2
NVD
NVD
added 2025/08/18 2:15 p.m.5 views

CVE-2025-43732

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...

4.8CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2025/08/18 1:27 p.m.27 views

CVE-2025-4962

CVE-2025-4962 describes an Insecure Direct Object Reference (IDOR) in Lunary API. The vulnerability exists in the endpoint POST /v1/templates and allows an authenticated user to create templates in another user’s project by manipulating the projectId query parameter. Root cause: missing server-si...

7.7CVSS7.3AI score0.00217EPSS
Exploits0References2
CVE
CVE
added 2025/08/18 1:20 p.m.21 views

CVE-2025-43732

CVE-2025-43732 affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.10, 2024.Q4.0–Q4.7, 2024.Q3.1–Q3.13, 2024.Q2.1–Q2.13, 2024.Q1.1–Q1.17, and 7.4 GA through update 92. The vulnerability is an Insecure Direct Object Reference (IDOR) in the groupId parameter of the _com_liferay...

4.8CVSS7.2AI score0.00231EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2025/08/18 1:20 p.m.3 views

CVE-2025-43732

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...

4.8CVSS7.2AI score0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/14 10:34 a.m.5 views

CVE-2025-54691 WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80...

5.3CVSS7.1AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/09 12:23 a.m.7 views

CVE-2025-51533

An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...

5.3CVSS6.6AI score0.00294EPSS
Exploits1References1
OSV
OSV
added 2025/08/07 7:15 p.m.3 views

CVE-2025-51533

An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...

5.3CVSS5.8AI score0.00294EPSS
Exploits1References2
NVD
NVD
added 2025/08/07 7:15 p.m.5 views

CVE-2025-51533

An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...

5.3CVSS0.00294EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/07 12:31 a.m.11 views

CVE-2025-51628

Insecure Direct Object Reference IDOR vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...

7.5CVSS6.4AI score0.00405EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/07 12:0 a.m.4 views

CVE-2025-51533

An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...

5.3CVSS6.3AI score0.00294EPSS
Exploits1References2
CVE
CVE
added 2025/08/07 12:0 a.m.15 views

CVE-2025-51533

The CVE-2025-51533 entry describes an Insecure Direct Object Reference (IDOR) in Sage DPW versions 2024_12_004 and earlier. The vulnerability allows unauthenticated attackers to access internal forms by sending a crafted GET request, implying a direct object access flaw that could disclose low-se...

5.3CVSS6.3AI score0.00294EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/08/07 12:0 a.m.10 views

CVE-2025-51533

An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...

5.3CVSS0.00294EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.5 views

PT-2025-32305 · Sage · Sage Dpw

Name of the Vulnerable Software and Affected Versions: Sage DPW versions 2024 12 004 and below Description: An Insecure Direct Object Reference IDOR allows unauthorized attackers to access internal forms by sending a crafted GET request. Recommendations: Update Sage DPW to a version later than 20...

5.3CVSS6.4AI score0.00294EPSS
Exploits1References7
Rows per page
Query Builder