4442 matches found
WordPress Eagle Booking plugin <= 1.3.4.3 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Bonds in WordPress Plugin Eagle Booking versions <= 1.3.4.3...
CVE-2025-12524
CVE-2025-12524 refers to the WordPress plugin Post Type Switcher (versions up to and including 4.0.0). The issue is an Insecure Direct Object Reference due to missing validation on a user-controlled key, allowing authenticated attackers with Author-level access or higher to modify the post type o...
CVE-2025-12524 Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change
The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...
EUVD-2025-197957
The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...
PT-2025-47243
Name of the Vulnerable Software and Affected Versions: Post Type Switcher plugin for WordPress versions up to and including 4.0.0. Description: The software contains an Insecure Direct Object Reference issue because of missing validation on a user-controlled key. Authenticated attackers with...
CVE-2025-63513
CVE-2025-63513 affects kishan0725 Hospital Management System v4 with an Insecure Direct Object Reference (IDOR) in the appointment cancellation feature. The vulnerability allows unauthorized access to appointment-related operations without proper authorization checks, per Red Hat and CVE listings...
EUVD-2025-198032
kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference IDOR vulnerability in the appointment cancellation functionality...
CVE-2025-63513
kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference IDOR vulnerability in the appointment cancellation functionality...
Hospital Management System Security Vulnerability
Hospital Management System is a hospital management software by Pon Aravind Boominathan Individual Developer. A security vulnerability exists in Hospital Management System version v4, which stems from an insecure direct object reference in the Appointment Cancellation feature that could lead to...
CVE-2025-64706
Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference IDOR vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...
CVE-2025-41069
Insecure Direct Object Reference IDOR vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in...
GHSA-6CQF-CFHV-659G File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function
Summary It has been found an Insecure Direct Object Reference IDOR vulnerability in the FileBrowser application's share deletion functionality. This vulnerability allows any authenticated user with share permissions to delete other users' shared links without authorization checks. The impact is...
EUVD-2025-150363
File Browser is Vulnerable to Insecure Direct Object Reference IDOR in Share Deletion Function...
EUVD-2025-175346
Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference IDOR vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...
CVE-2025-64706 Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure
Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference IDOR vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...
EUVD-2025-169288
Insecure Direct Object Reference IDOR vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in...
CVE-2025-41069 Insecure Direct Object References (IDOR) in DeporSite of T-Innova DeporSite
Insecure Direct Object Reference IDOR vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in...