PT-2024-34585 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to and including 1.2.2 Description: An Insecure Direct Object Reference IDOR vulnerability was identified, allowing unauthorized users to view, update, or delete any dataset prompt or dataset prompt variation with...

CVE-2024-4750

The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request...

CVE-2024-4750 BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment

The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request...

CVE-2024-4274 Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the removepropertyattachmentajax function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and...

WordPress KiviCare Plugin <= 3.6.4 is vulnerable to Insecure Direct Object References (IDOR)

Software KiviCare Type Plugin Vulnerable versions = 3.6.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-35659 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 967b7ac814c1 Credits Van Lyubov Required...

WakaTime: IDOR to view order information of users and personal information

Vulnerability description not provided...

CVE-2024-5166

An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model...

CVE-2024-5166

An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model...

CVE-2024-5166 Insecure Direct Object Reference In Looker

An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model...

CVE-2024-5166 Insecure Direct Object Reference In Looker

An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model...

CVE-2024-5166

An Insecure Direct Object Reference (IDOR) affects Google Cloud Looker, allowing metadata exposure across authenticated Looker users who share the same LookML model. The CVE-2024-5166 entry states a CVSS v3.1 base score of 6.5 (Medium) with Confidentiality Impact: High and Impact on Integrity/Ava...

Google Cloud Looker 安全漏洞

Google Cloud Looker is an online tool used by Google, Inc. to transform data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from the presence of an unsafe direct object reference issue...

PT-2024-34804 · Google Cloud · Looker

Name of the Vulnerable Software and Affected Versions: Looker versions affected versions not specified Description: An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model. Recommendations: At the momen...

Insecure Direct Object Reference (IDOR) / Weak Encryption

nzo/url-encryptor-bundle is vulnerable to a Insecure Direct Object Reference IDOR. This vulnerability is due to a lack of mandatory key and initialization vector IV requirements, which makes the aes-256-ctr algorithm susceptible to malleability attacks. It allows attackers to decrypt and modify...

Insecure Direct Object Reference (IDOR)

org.bonitasoft.engine, bonita-server is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to the absence of dynamic permissions, which previously existed only in the Subscription edition and were not customizable in the Community edition...

CVE-2024-4279

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. This can allow...

CVE-2024-4279 Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. This can allow...

CVE-2024-4279

Summary: CVE-2024-4279 affects Tutor LMS – eLearning and online course solution for WordPress. An insecure direct object reference vulnerability exists in the tutor_course_delete function caused by missing validation on a user-controlled key, enabling an authenticated attacker with Instructor-lev...

CVE-2024-4279 Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. This can allow...

WordPress Tutor LMS plugin <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion vulnerability

Authenticated Instructor+ Insecure Direct Object Reference to Arbitrary Course Deletion vulnerability discovered by Thanh Nam Tran in WordPress Plugin Tutor LMS versions = 2.7.0...