Lucene search
K

4550 matches found

Cvelist
Cvelist
added 2025/08/22 12:0 a.m.9 views

CVE-2025-55626

An Insecure Direct Object Reference IDOR vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.46622503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage...

0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/22 12:0 a.m.8 views

CVE-2025-55621

An Insecure Direct Object Reference IDOR vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social...

0.00222EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.4 views

PT-2025-34457 · Reolink · Reolink Smart 2K+ Plug-In Wi-Fi Video Doorbell

Name of the Vulnerable Software and Affected Versions: Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.4662 2503122283 Description: The device suffers from an Insecure Direct Object Reference IDOR vulnerability. This allows unauthorized attackers to access Admin-only...

5.3CVSS6.8AI score0.00222EPSS
Exploits0References5
CVE
CVE
added 2025/08/22 12:0 a.m.21 views

CVE-2025-55621

The CVE-2025-55621 entry describes an insecure direct object reference (IDOR) in Reolink app version 4.54.0.4.20250526, where an attacker could access and download other users’ profile photos via a crafted URL. This is supported by multiple connected records noting the same vulnerability and the ...

6.5CVSS6.2AI score0.00222EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/22 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-50340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of oth...

4.3CVSS5.9AI score0.00304EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-1042

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2...

7.5CVSS5.5AI score0.00406EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/21 5:34 p.m.4 views

CVE-2025-7051 N-central Syslog Configuration Insecure Direct Object Reference

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2...

8.3CVSS7AI score0.00255EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/21 5:34 p.m.11 views

CVE-2025-7051 N-central Syslog Configuration Insecure Direct Object Reference

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2...

8.3CVSS0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/20 1:35 p.m.6 views

CVE-2025-43732

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...

4.8CVSS6.5AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/20 8:3 a.m.9 views

CVE-2025-53208 WordPress Maya Business <= 1.2.0 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business paymaya-checkout-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maya Business: from n/a through = 1.2.0...

7.5CVSS0.0034EPSS
Exploits0References1
Redos
Redos
added 2025/08/19 12:0 a.m.5 views

ROS-20250819-01

Moodle virtual learning environment vulnerability related to IDOR issue in Feedback report. Exploitation The vulnerability could allow an attacker acting remotely to gain unauthorized access to features that would otherwise be restricted. functions that would otherwise be limited to Vulnerability...

7.5CVSS6.9AI score0.00597EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/08/18 3:30 p.m.7 views

Liferay Portal Vulnerable to Insecure Direct Object Reference

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...

4.8CVSS7.2AI score0.00231EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2025/08/18 2:15 p.m.18 views

CVE-2025-4962

An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

7.7CVSS0.00217EPSS
Exploits0References2
OSV
OSV
added 2025/08/18 2:15 p.m.5 views

CVE-2025-43732

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...

2.7CVSS5.8AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2025/08/18 2:15 p.m.5 views

CVE-2025-43732

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...

4.8CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2025/08/18 1:27 p.m.31 views

CVE-2025-4962

CVE-2025-4962 describes an Insecure Direct Object Reference (IDOR) in Lunary API. The vulnerability exists in the endpoint POST /v1/templates and allows an authenticated user to create templates in another user’s project by manipulating the projectId query parameter. Root cause: missing server-si...

7.7CVSS7.3AI score0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/18 1:20 p.m.3 views

CVE-2025-43732

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...

4.8CVSS7.2AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2025/08/18 1:20 p.m.22 views

CVE-2025-43732

CVE-2025-43732 affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.10, 2024.Q4.0–Q4.7, 2024.Q3.1–Q3.13, 2024.Q2.1–Q2.13, 2024.Q1.1–Q1.17, and 7.4 GA through update 92. The vulnerability is an Insecure Direct Object Reference (IDOR) in the groupId parameter of the _com_liferay...

4.8CVSS7.2AI score0.00231EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/08/18 12:0 a.m.5 views

PT-2025-33652 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: Lunary versions up to 0.8.8 Description: An Insecure Direct Object Reference IDOR vulnerability exists in the POST /v1/templates endpoint of the Lunary API. The vulnerability allows authenticated users to create templates in another user's...

7.7CVSS7AI score0.00217EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/08/14 10:34 a.m.5 views

CVE-2025-54691 WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80...

5.3CVSS7.1AI score0.00285EPSS
Exploits0References1
Rows per page
Query Builder