3452 matches found
Nextcloud Server 安全漏洞
Nextcloud Server is a Nextcloud server program from Nextcloud Open Source. A security vulnerability exists in Nextcloud Server version 30.0.0, which stems from the presence of an insecure direct object reference in the /core/preview endpoint that could lead to unauthorized access to sensitive dat...
CVE-2025-13124 IDOR in Netiket''s ApplyLogic
Authorization Bypass Through User-Controlled Key vulnerability in Netiket Information Technologies Ltd. Co. ApplyLogic allows Exploitation of Trusted Identifiers. This issue affects ApplyLogic: through 01.12.2025...
CVE-2025-13003
CVE-2025-13003 describes an Authorization Bypass Through User-Controlled Key in AxOnboard (Aksis Computer Services and Consulting Inc.), affecting version 3.2.0 up to 3.3.0. The root cause is not detailed beyond the user-controlled key enabling exploitation of trusted identifiers. Documented impa...
CVE-2025-41358
Direct Object Reference Vulnerability IDOR in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ parameter in...
CVE-2023-53770
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to...
CVE-2020-36895
EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposi...
CVE-2025-41358
Direct Object Reference Vulnerability IDOR in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ parameter in...
CVE-2025-41358
CVE-2025-41358 describes a Direct Object Reference (IDOR) in i2A’s CronosWeb. Affected: CronosWeb versions before and including 25.00.00.12. Root cause: manipulation of the request parameter “documentCode” in /CronosWeb/Modulos/Personas/DocumentosPersonales/AdjuntarDocumentosPersonas allows an au...
PT-2025-50516
EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposi...
CVE-2023-53770
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to...
CVE-2023-53770
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to...
MiniDVBLinux 安全漏洞
MiniDVBLinux is a multimedia center software from the German company MiniDVBLinux. A security vulnerability exists in MiniDVBLinux version 5.4, which stems from an insecure direct object reference that could lead to a configuration disclosure...
WordPress Fluent Forms plugin <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id vulnerability
Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submissionid vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin FluentForm versions = 6.1.7...
📄 YOURLS 1.8.2 CSRF / IDOR / Missing Authorization
YOURLS version 1.8.2 AJAX endpoint scanner that checks for cross site request forgery, insecure direct object reference, missing authorization, and missing input validation vulnerabilities...
CVE-2025-13748
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...
EUVD-2025-201540
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...
CVE-2025-13748
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...
CVE-2025-13748
CVE-2025-13748: Fluent Forms for WordPress (
CVE-2025-13748 Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...
PT-2025-49355
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submission id' parameter due to missing validation on a user controlled key within...