CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 4:26 p.m.•6 views

CVE-2020-16240

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference IDOR vulnerability allows user account data to be downloaded in JavaScript object notation JSON format by users who should not have access to such functionality. An attacker can download sensitive data related to...

5.3CVSS6.6AI score0.00898EPSS

RedhatCVE•added 2025/05/22 4:25 p.m.•13 views

CVE-2020-16194

An Insecure Direct Object Reference IDOR vulnerability was found in Prestashop Opart devis 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the deliveryaddress and invoiceaddress fields...

5.3CVSS6.8AI score0.01219EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:10 p.m.•4 views

CVE-2020-11589

An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only...

7.5CVSS6.6AI score0.01132EPSS

RedhatCVE•added 2025/05/22 3:33 p.m.•4 views

CVE-2020-35577

In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference IDOR allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier aka CommonDownload identification number...

6.5CVSS6.8AI score0.01007EPSS

RedhatCVE•added 2025/05/22 3:26 p.m.•6 views

CVE-2020-27742

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...

6.5CVSS6.7AI score0.01136EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:17 p.m.•11 views

CVE-2020-20183

Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00ABBX.3 and earlier allows attackers to gain privileges and access certain admin pages...

7.5CVSS7.3AI score0.01003EPSS

RedhatCVE•added 2025/05/22 3:12 p.m.•6 views

CVE-2020-13462

Insecure Direct Object Reference IDOR exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...

5.7CVSS6.9AI score0.00418EPSS

RedhatCVE•added 2025/05/22 12:46 p.m.•6 views

CVE-2018-17455

An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals"...

7.5CVSS6AI score0.00621EPSS

RedhatCVE•added 2025/05/22 10:9 a.m.•6 views

CVE-2019-19259

GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...

4.3CVSS6.7AI score0.00587EPSS

RedhatCVE•added 2025/05/22 9:3 a.m.•3 views

CVE-2019-19616

An Insecure Direct Object Reference IDOR vulnerability in the Xtivia Web Time and Expense WebTE interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment...

4.3CVSS7AI score0.00683EPSS

RedhatCVE•added 2025/05/22 8:53 a.m.•6 views

CVE-2019-8235

An insecure direct object reference IDOR vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled...

6.5CVSS6.5AI score0.01881EPSS

RedhatCVE•added 2025/05/22 6:41 a.m.•3 views

CVE-2019-7890

An Insecure Direct Object Reference IDOR vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details...

7.5CVSS6.7AI score0.00836EPSS

RedhatCVE•added 2025/05/22 6:12 a.m.•7 views

CVE-2017-16630

In SapphireIMS 40971, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference IDOR in the local user creation function...

8.8CVSS6.7AI score0.00866EPSS

RedhatCVE•added 2025/05/22 5:48 a.m.•2 views

CVE-2017-16631

In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference IDOR in the "Account Password Reset" functionality...

6.5CVSS7AI score0.00648EPSS

RedhatCVE•added 2025/05/22 4:44 a.m.•6 views

CVE-2019-17604

An Insecure Direct Object Reference IDOR vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information first name, last name, email, CV, phone number, and all other personal information by changing the value of the candidate id the id...

4.3CVSS6.5AI score0.00621EPSS

RedhatCVE•added 2025/05/22 4:26 a.m.•7 views

CVE-2019-13461

In PrestaShop before 1.7.6.0 RC2, the idaddressdelivery and idaddressinvoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop...

7.5CVSS6.7AI score0.01675EPSS

RedhatCVE•added 2025/05/22 3:14 a.m.•4 views

CVE-2018-17449

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...

7.5CVSS6.2AI score0.00839EPSS