4443 matches found
University Registration System 1.0 Insecure Direct Object Reference
University Registration System version 1.0 suffers from an insecure direct object reference vulnerability that allows for information disclosure. Exploit Title: University Registration System - IDOR Leads to Information Disclosure Date: 2025-03-25 Exploit Author: wa03/td9l Telegram: @wa03/@td9l...
CVE-2024-13558
The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests...
CVE-2024-12048
An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...
CVE-2024-11137
An Insecure Direct Object Reference IDOR vulnerability exists in the PATCH /v1/runs/:id/score endpoint of lunary-ai/lunary version 1.6.0. This vulnerability allows an attacker to update the score data of any run by manipulating the id parameter in the request URL, which corresponds to the...
CVE-2024-13558
The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests...
CVE-2024-13558
The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests...
CVE-2024-13558 NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure
The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests...
CVE-2024-13558 NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure
The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests...
CVE-2024-12048
An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...
CVE-2024-11137
An Insecure Direct Object Reference IDOR vulnerability exists in the PATCH /v1/runs/:id/score endpoint of lunary-ai/lunary version 1.6.0. This vulnerability allows an attacker to update the score data of any run by manipulating the id parameter in the request URL, which corresponds to the...
CVE-2024-11137
An Insecure Direct Object Reference IDOR vulnerability exists in the PATCH /v1/runs/:id/score endpoint of lunary-ai/lunary version 1.6.0. This vulnerability allows an attacker to update the score data of any run by manipulating the id parameter in the request URL, which corresponds to the...
CVE-2024-12048
CVE-2024-12048 describes an IDOR (Insecure Direct Object Reference) in transformeroptimus/superagi v0.0.14. The vulnerability arises from improper authorization checks across multiple API endpoints, allowing an attacker to view, edit, and delete other users’ information without proper authorizati...
CVE-2024-11137
The CVE describes an Insecure Direct Object Reference (IDOR) in lunary-ai/lunary v1.6.0 where PATCH /v1/runs/:id/score does not verify that the authenticated user owns or can modify the target run. An attacker can modify other users’ run scores by changing the id parameter, impacting data integri...
PT-2025-12098 · Unknown · Lunary-Ai/Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.6.0 Description: An Insecure Direct Object Reference IDOR vulnerability exists in the "PATCH /v1/runs/:id/score" endpoint. This issue allows an attacker to update the score data of any run by manipulating the id...
PT-2025-12117 · Unknown · Transformeroptimus/Superagi
Name of the Vulnerable Software and Affected Versions: transformeroptimus/superagi version v0.0.14 Description: An IDOR Insecure Direct Object Reference vulnerability exists, allowing attackers to view, edit, and delete other users' information without proper authorization. The application fails ...
SuperAGI 安全漏洞
SuperAGI is an open source infrastructure application from SuperAGI Open Source. for building components, tools, frameworks, and models to implement open source AGI. A security vulnerability exists in SuperAGI version v0.0.14 that stems from improper authorization checking and could lead to an...
CVE-2025-2271
A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference IDOR vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive...
CVE-2024-13887
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajaxlistingsubmitimageupload' function due to missing validation on a user controlled key. This makes...
CVE-2025-2271 IDOR in Issuetrak NewAuditID parameter via Inv_PopTrakXShow.asp
A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference IDOR vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive...
CVE-2025-2271 IDOR in Issuetrak NewAuditID parameter via Inv_PopTrakXShow.asp
A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference IDOR vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive...