WordPress User Registration plugin <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update vulnerability
Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update vulnerability discovered by wesley wcraft in WordPress Plugin User Registration versions <= 4.1.3...
CVE-2025-32367
The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions...
Oz Forensics Oz Liveness Security Vulnerability
Oz Forensics Oz Liveness is a leading facial recognition and authentication product from Oz Forensics. A security vulnerability exists in Oz Forensics Oz Liveness versions prior to 4.0.8 (late 2023); it stems from an insecure direct object reference that could lead to PII retrieval...
CVE-2025-32367
CVE-2025-32367 affects the Oz Forensics face recognition application prior to version 4.0.8 (late 2023). The root cause is an Insecure Direct Object Reference flaw in the /statistic/list endpoint, which could allow retrieval of PII. Public references from NVD/Red Hat describe the vulnerability, w...
Moodle 4.4.x < 4.4.2 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.12, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, or 4.4.x prior to 4.4.2. It is, therefore, affected by multiple vulnerabilities. - An LFI vulnerability when restoring malformed block backups....
Moodle 4.4.x < 4.4.4 Multiple Insecure Direct Object References
According to its self-reported version, the Moodle install hosted on the remote host is 4.4.x prior to 4.4.4. It is, therefore, affected by multiple insecure direct object references. - An IDOR when accessing the list of badge recipients. - An IDOR when accessing the list of course badges. Note that the...
Bykea: IDOR on in-app hardcoded zombie endpoint
The researcher discovered an Insecure Direct Object Reference (IDOR) vulnerability in a hardcoded legacy "zombie" endpoint that was no longer actively used but remained accessible. By reverse engineering the Android app and reviewing the code for unused endpoints, the sensitive details related to...
CVE-2025-22931
An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members...
Open Solutions For Education OS4Ed OpenSIS Security Vulnerability
Open Solutions For Education OS4Ed OpenSIS is a commercial-grade, secure, scalable and intuitive student information system and school management software from Open Solutions For Education, USA. It has all the features needed to run single or multiple organizations in one installation. Web-based, PHP code, MySQ...
CVE-2025-22931
OS4ED openSIS vulnerable to an insecure direct object reference (IDOR) in the /assets/stafffiles component affecting versions 7.0 through 9.1. Unauthenticated attackers can access files uploaded by staff members. The CVSS 3.1 base score is 7.5 (HIGH); attack vector NETWORK, scope UNCHANGED, confi...
PT-2025-14640 · Os4Ed · Os4Ed Opensis
Name of the Vulnerable Software and Affected Versions: OS4ED openSIS versions 7.0 through 9.1. Description: The issue concerns an insecure direct object reference (IDOR) in the /assets/stafffiles component. This allows unauthenticated attackers to access files that have been uploaded by staff member...
CVE-2025-3014
Insecure Direct Object References (IDOR) in access control in Tracking 2.1.4 on NightWolf Penetration Testing allows an attacker to gain access by manipulating request parameters or object references...
CVE-2025-3013
Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on NightWolf Penetration Testing allows an attacker to gain access by manipulating request parameters or object references...
WordPress JS Job Manager Plugin <= 2.0.2 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Tran Hoang Tuan Kiet in WordPress Plugin JS Job Manager versions <= 2.0.2...