4453 matches found
CVE-2025-43732
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...
CVE-2025-4962
CVE-2025-4962 describes an Insecure Direct Object Reference (IDOR) in Lunary API. The vulnerability exists in the endpoint POST /v1/templates and allows an authenticated user to create templates in another user’s project by manipulating the projectId query parameter. Root cause: missing server-si...
CVE-2025-43732
CVE-2025-43732 affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.10, 2024.Q4.0–Q4.7, 2024.Q3.1–Q3.13, 2024.Q2.1–Q2.13, 2024.Q1.1–Q1.17, and 7.4 GA through update 92. The vulnerability is an Insecure Direct Object Reference (IDOR) in the groupId parameter of the _com_liferay...
CVE-2025-43732
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...
PT-2025-33652 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: Lunary versions up to 0.8.8 Description: An Insecure Direct Object Reference IDOR vulnerability exists in the POST /v1/templates endpoint of the Lunary API. The vulnerability allows authenticated users to create templates in another user's...
CVE-2025-54691 WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80...
CVE-2025-51533
An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...
CVE-2025-51533
An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...
CVE-2025-51533
An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...
CVE-2025-51628
Insecure Direct Object Reference IDOR vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
CVE-2025-51533
The CVE-2025-51533 entry describes an Insecure Direct Object Reference (IDOR) in Sage DPW versions 2024_12_004 and earlier. The vulnerability allows unauthenticated attackers to access internal forms by sending a crafted GET request, implying a direct object access flaw that could disclose low-se...
CVE-2025-51533
An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...
CVE-2025-51533
An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...
PT-2025-32305 · Sage · Sage Dpw
Name of the Vulnerable Software and Affected Versions: Sage DPW versions 2024 12 004 and below Description: An Insecure Direct Object Reference IDOR allows unauthorized attackers to access internal forms by sending a crafted GET request. Recommendations: Update Sage DPW to a version later than 20...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-51628
Insecure Direct Object Reference IDOR vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
CVE-2025-51628
Insecure Direct Object Reference IDOR vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...