CVE-2025-57886 WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.30.0...

CVE-2025-55621

An Insecure Direct Object Reference IDOR vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social...

CVE-2025-55626

The CVE-2025-55626 entry concerns Reolink Smart 2K+ Plug-in Wi‑Fi Video Doorbell with Chime, firmware 3.0.0.4662_2503122283. The vulnerability is an Insecure Direct Object Reference (IDOR) that allows unauthorized access to Admin-only settings and the ability to edit session storage. Root cause i...

PT-2025-34452

Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: An Insecure Direct Object Reference IDOR vulnerability exists in Reolink. This allows unauthorized attackers to access and download other users' profile photos via a crafted URL. Recommendations:...

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime 安全漏洞

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime is a smart wired WiFi video doorbell from Reolink USA. A security vulnerability exists in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.46622503122283, which stems from an insecure direct object reference that cou...

PT-2025-34457 · Reolink · Reolink Smart 2K+ Plug-In Wi-Fi Video Doorbell

Name of the Vulnerable Software and Affected Versions: Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.4662 2503122283 Description: The device suffers from an Insecure Direct Object Reference IDOR vulnerability. This allows unauthorized attackers to access Admin-only...

Linux Distros Unpatched Vulnerability : CVE-2025-1042

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2...

CVE-2025-55626

An Insecure Direct Object Reference IDOR vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.46622503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage...

CVE-2025-55626

An Insecure Direct Object Reference IDOR vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.46622503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage...

CVE-2025-55621

The CVE-2025-55621 entry describes an insecure direct object reference (IDOR) in Reolink app version 4.54.0.4.20250526, where an attacker could access and download other users’ profile photos via a crafted URL. This is supported by multiple connected records noting the same vulnerability and the ...

CVE-2025-55621

An Insecure Direct Object Reference IDOR vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social...

Linux Distros Unpatched Vulnerability : CVE-2025-50340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of oth...

CVE-2025-7051 N-central Syslog Configuration Insecure Direct Object Reference

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2...

CVE-2025-7051 N-central Syslog Configuration Insecure Direct Object Reference

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2...

CVE-2025-43732

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...

CVE-2025-53208 WordPress Maya Business <= 1.2.0 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business paymaya-checkout-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maya Business: from n/a through = 1.2.0...

ROS-20250819-01

Moodle virtual learning environment vulnerability related to IDOR issue in Feedback report. Exploitation The vulnerability could allow an attacker acting remotely to gain unauthorized access to features that would otherwise be restricted. functions that would otherwise be limited to Vulnerability...

Liferay Portal Vulnerable to Insecure Direct Object Reference

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...

CVE-2025-4962

An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

CVE-2025-43732

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...