EUVD-2025-198225

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference IDOR vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization. The backend relies solely on the participantId parameter to...

CVE-2025-12766

CVE-2025-12766 is a vulnerability in the Management Console of BlackBerry AtHoc (OnPrem) v7.21 where an insecure direct object reference (IDOR) could allow an attacker to gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS). Affected component:...

CVE-2025-12766 Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of affected versions of BlackBerry AtHoc.

An Insecure Direct Object Reference IDOR vulnerability in the Management Console of BlackBerry® AtHoc® OnPrem version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System IWS...

CVE-2025-12766 Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of affected versions of BlackBerry AtHoc.

An Insecure Direct Object Reference IDOR vulnerability in the Management Console of BlackBerry® AtHoc® OnPrem version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System IWS...

CVE-2025-12524

The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...

EUVD-2025-198128

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to...

CVE-2025-12427 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to...

CVE-2025-12427 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to...

CVE-2025-63513

kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference IDOR vulnerability in the appointment cancellation functionality...

Rallly 安全漏洞

Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in Rallly versions prior to 4.5.4 that stems from an insecure direct object reference in the participant deletion feature,...

PT-2025-47468

An Insecure Direct Object Reference IDOR vulnerability in the Management Console of BlackBerry® AtHoc® OnPrem version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System IWS...

BlackBerry AtHoc 安全漏洞

BlackBerry AtHoc is a crisis communications solution for federal, state and local governments, public safety and law enforcement agencies, and schools from BlackBerry Canada. A security vulnerability exists in BlackBerry AtHoc version 7.21, which stems from the presence of insecure direct object...

Rallly 安全漏洞

Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in versions of Rallly prior to 4.5.4 that stems from an insecure direct object reference in the vote modification feature,...

PT-2025-47505

Name of the Vulnerable Software and Affected Versions Rallly versions prior to 4.5.4 Description Rallly, an open-source scheduling and collaboration tool, contains a flaw where an authenticated user can change votes in polls belonging to other participants without proper authorization. The backen...

PT-2025-47509

Name of the Vulnerable Software and Affected Versions Rallly versions prior to 4.5.4 Description Rallly is a scheduling and collaboration tool. A security issue exists where an authenticated user can modify the display names of other participants in polls without authorization. This is possible b...

PT-2025-47506

Name of the Vulnerable Software and Affected Versions Rallly versions prior to 4.5.4 Description An insecure direct object reference IDOR issue exists in Rallly, allowing authenticated users to delete arbitrary participants from polls without proper ownership verification. The issue stems from th...

WordPress SiteSEO – SEO Simplified plugin <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure vulnerability

Insecure Direct Object Reference to Sensitive Post Meta Disclosure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin SiteSEO versions = 1.3.2...

WordPress YITH WooCommerce Wishlist plugin <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename vulnerability

Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin YITH WooCommerce Wishlist versions = 4.10.0...

CVE-2025-63513

kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference IDOR vulnerability in the appointment cancellation functionality...

CVE-2025-63513

kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference IDOR vulnerability in the appointment cancellation functionality...