Lucene search

4453 matches found

Tenable Nessus
added 2025/09/03 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-27663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemTyp...

CVSS 4.3 · AI score 5.7 · EPSS 0.00858
Exploits: 0 · References: 2
Tenable Nessus
added 2025/09/03 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-27662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table...

CVSS 4.3 · AI score 5.7 · EPSS 0.00685
Exploits: 0 · References: 2
OSV
added 2025/09/02 12:15 p.m. · 3 views

CVE-2025-56254

PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users...

CVSS 4.3 · AI score 5.8 · EPSS 0.00192
Exploits: 0 · References: 1
NVD
added 2025/09/02 12:15 p.m. · 4 views

CVE-2025-56254

PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users...

CVSS 4.3 · EPSS 0.00192
Exploits: 0 · References: 1
CVE
added 2025/09/02 12:0 a.m. · 15 views

CVE-2025-56254

CVE-2025-56254 affects PHPGurukul Employee Leave Management System 2.1 with an Insecure Direct Object Reference (IDOR) in the file leave-details.php. An authenticated user can alter the URL parameter leaveid to access leave application details of other users, exposing sensitive data. Multiple co...

CVSS 4.3 · AI score 6.3 · EPSS 0.00192
Exploits: 0 · References: 1 · Affected Software: 1
Tenable Nessus
added 2025/08/30 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-37543

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified localgraphid parameter to graphxport.php. This is a...

CVSS 7.5 · AI score 7.4 · EPSS 0.00735
Exploits: 0 · References: 2
Qualys Blog
added 2025/08/26 4:0 p.m. · 10 views

Chatbots, APIs, and the Hidden Risks Inside Your Application Stack

What happens when a legacy application quietly slips under the radar and ends up at the center of a security incident involving AI and APIs? For one global organization, this scenario played out in real time when an unusual chatbot behavior sparked a closer look into their recruitment platform,...

AI score 7.5
Exploits: 0
Tenable Nessus
added 2025/08/26 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-2499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions...

CVSS 4.3 · AI score 5.1 · EPSS 0.00708
Exploits: 0 · References: 2
OSV
added 2025/08/25 2:15 p.m. · 2 views

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

CVSS 9.8 · AI score 5.8 · EPSS 0.00584
Exploits: 1 · References: 1
CVE
added 2025/08/25 12:0 a.m. · 18 views

CVE-2025-45968

Summary: CVE-2025-45968 affects System PDV v1.0 and is an IDOR vulnerability in the hash URL parameter that permits a remote attacker to access other users’ data or internal resources without proper authorization. The issue is consistently described across multiple sources (NVD, Red Hat, CVE List...

CVSS 9.8 · AI score 6.7 · EPSS 0.00584
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2025/08/25 12:0 a.m. · 2 views

PDV-Systeme System PDV Security Vulnerability

PDV-Systeme System PDV is an order management software from the German company PDV-Systeme. A security vulnerability exists in PDV-Systeme System PDV version 1.0, which stems from an insecure direct object reference in the hash parameter and could lead to the disclosure of sensitive information...

CVSS 9.8 · AI score 6.4 · EPSS 0.00584
Exploits: 1 · References: 2
Vulnrichment
added 2025/08/25 12:0 a.m. · 3 views

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

AI score 6.7 · EPSS 0.00584
Exploits: 1 · References: 1
Positive Technologies
added 2025/08/25 12:0 a.m. · 3 views

PT-2025-34610 · Unknown · System Pdv Version 1.0

Name of the Vulnerable Software and Affected Versions: System PDV version 1.0 Description: The application contains an Insecure Direct Object Reference (IDOR) vulnerability due to a lack of proper authorization checks when accessing objects referenced by the hash parameter in a URL. This allows...

CVSS 9.8 · AI score 6.4 · EPSS 0.00584
Exploits: 1 · References: 5
RedhatCVE
added 2025/08/24 12:13 a.m. · 3 views

CVE-2025-55621

An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social...

CVSS 6.5 · AI score 6.8 · EPSS 0.00222
Exploits: 1 · References: 1
RedhatCVE
added 2025/08/24 12:13 a.m. · 3 views

CVE-2025-55626

An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.46622503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage...

CVSS 5.3 · AI score 7.2 · EPSS 0.00222
Exploits: 0 · References: 1
NVD
added 2025/08/22 5:15 p.m. · 6 views

CVE-2025-55626

An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.46622503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage...

CVSS 5.3 · EPSS 0.00222
Exploits: 0 · References: 1
OSV
added 2025/08/22 5:15 p.m. · 4 views

CVE-2025-55621

An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social...

CVSS 6.5 · AI score 5.8 · EPSS 0.00222
Exploits: 1 · References: 1
NVD
added 2025/08/22 5:15 p.m. · 4 views

CVE-2025-55621

An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social...

CVSS 6.5 · EPSS 0.00222
Exploits: 1 · References: 1
Patchstack
added 2025/08/22 1:53 p.m. · 5 views

WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References (IDOR) Vulnerability discovered by n0arafatn0 in WordPress Plugin Accessibility Checker by Equalize Digital versions <= 1.30.0...

CVSS 5.4 · AI score 6.7 · EPSS 0.0022
Exploits: 0 · Affected Software: 1
Cvelist
added 2025/08/22 11:59 a.m. · 8 views

CVE-2025-57886 WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through...

CVSS 5.4 · EPSS 0.0022
Exploits: 0 · References: 1