4445 matches found
The femanager TYPO3 extension allows Insecure Direct Object Reference
Insecure Direct Object Reference (IDOR) in the femanager TYPO3 extension allows attackers to view frontend user data via a user parameter in the newAction of the newController...
CVE-2025-20114
A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...
CVE-2025-20114
CVE-2025-20114 concerns Cisco Unified Intelligence Center API security. The published entries indicate an authenticated, remote attacker could exploit insufficient validation of user-supplied API parameters to perform an insecure direct object reference (IDOR) attack, enabling horizontal privileg...
CVE-2025-20114 Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability
A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...
CVE-2025-48207
The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference...
CVE-2025-48202
The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference...
CVE-2025-48205
The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference...
TYPO3 femanager Security Vulnerability
TYPO3 femanager is an extension for the open source TYPO3 project. A security vulnerability exists in TYPO3 femanager version 8.2.1 and earlier, which stems from the presence of an insecure direct object reference...
CVE-2025-48205
The CVE-2025-48205 entry concerns the sr_feuser_register extension for TYPO3 (up to version 12.4.8). The root cause is an Insecure Direct Object Reference that allows attackers to read arbitrary files. Impact is a high-severity exposure of potentially sensitive information. Public references in c...
CVE-2025-48202
The CVE-2025-48202 entry applies to the TYPO3 femanager extension (versions up to 8.2.1). The vulnerability is an Insecure Direct Object Reference (IDOR) in the newAction of the newController, allowing attackers to view frontend user data via a user parameter. Root cause is unsafe direct object r...
TYPO3 Security Vulnerability
TYPO3 is a free and open source content management system and framework (CMS/CMF) from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 version 12.4.8 and earlier, which stems from the presence of an insecure direct object reference...
CVE-2025-48207
The CVE-2025-48207 entry concerns the TYPO3 reint_downloadmanager extension (versions up to 5.0.0). Affected component: reint_downloadmanager’s downloadAction handling allows Insecure Direct Object Reference via the downloaduid parameter, enabling attackers to read arbitrary files. Impact: inform...
Authorization Bypass Through User-Controlled Key
Overview: in2code/femanager is a Modern TYPO3 Frontend User Registration. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the newAction function in NewController.php. An attacker can use an insecure direct object reference and view user data ...