4443 matches found
CVE-2024-50693
SunGrow iSolarCloud ecosystem (Android app and cloud) is affected by insecure direct object references (IDOR) via the userService API model, with the Solar iCloud API and related services (powerStationService, orgService, commonService, devService) exposing unauthorized access to user data and po...
CVE-2024-50687
CVE-2024-50687 (SunGrow iSolarCloud): The SunGrow iSolarCloud ecosystem (Android app and cloud) is vulnerable to multiple insecure direct object references (IDOR) via the devService API model, with related exposure noted for powerStationService, userService, orgService, and commonService APIs. T...
CVE-2024-50685
SunGrow iSolarCloud, before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) via the powerStationService API model...
SunGrow iSolarCloud security vulnerability
SunGrow iSolarCloud is an Android app for new energy power plant management from China's SunGrow. It is used for power plant data collection, monitoring, operation and maintenance, and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...
CVE-2024-50687
SunGrow iSolarCloud, before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) via the devService API model...
CVE-2024-50686
SunGrow iSolarCloud, before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) via the commonService API model...
CVE-2024-50686
SunGrow iSolarCloud (Android app and cloud) is affected by insecure direct object references (IDOR) via the commonService API model, with multiple CVE-2024-50686 references across NVD/Red Hat/CISA/CNNVD and related feeds. The publicly documented details specify IDOR exposure in the commonService ...
SunGrow iSolarCloud security vulnerability
SunGrow iSolarCloud is an Android app for new energy power plant management from China's SunGrow. It is used for power plant data collection, monitoring, operation and maintenance, and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...
CVE-2024-50689
SunGrow iSolarCloud, before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) via the orgService API model...
CVE-2025-26977 WordPress FileBird plugin <= 6.4.2.1 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through <= 6.4.2.1...
CVE-2025-26965 WordPress Amelia plugin <= 1.2.16 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Amelia: from n/a through <= 1.2.16...
CVE-2025-26965
CVE-2025-26965 is an Auth bypass/IDOR flaw in the Amelia Booking plugin for WordPress (Booking for Appointments & Events Calendar – Amelia). The vulnerability affects the plugin’s cases prior to a patched release (vulnerable range includes
CVE-2024-13873
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto function due to missing validation on a user controlled key. This makes it...
CVE-2025-25282
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access: list tenant user accounts, add user account into...
WordPress Amelia plugin <= 1.2.16 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Revan Arifio (Patchstack Alliance) in WordPress Plugin Amelia versions <= 1.2.16...
WordPress FileBird plugin <= 6.4.2.1 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Revan Arifio (Patchstack Alliance) in WordPress Plugin Filebird versions <= 6.4.2.1...
CVE-2024-13855
The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the paeglobalblock shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2024-13873
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto function due to missing validation on a user controlled key. This makes it...