
4442 matches found

Cvelist
added 2024/06/04 6:00 a.m. · 26 views

CVE-2024-4750 BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment

The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request...

AI score 6.3 · EPSS 0.0043
Exploits 2 · References 1
Vulnrichment
added 2024/06/04 5:32 a.m. · 22 views

CVE-2024-4274 Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the removepropertyattachmentajax function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 4.3 · AI score 6.7 · EPSS 0.00462
Exploits 0 · References 4
Patchstack
added 2024/06/04 12:00 a.m. · 10 views

WordPress Buddyboss Platform Plugin < 2.6.0 is vulnerable to Insecure Direct Object References (IDOR)

Software: Buddyboss Platform · Type: Plugin · Vulnerable versions: < 2.6.0 · Fixed in: 2.6.0 · OWASP Top 10: A1: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2024-4750 · Patch priority: Low · CVSS severity: Low 4.3 · PSID: edae12ac139d · Credits: Faris Krivi...

AI score 6.5 · EPSS 0.0043
Exploits 2 · References 2 · Affected Software 1
Patchstack
added 2024/06/04 12:00 a.m. · 18 views

WordPress Essential Real Estate Plugin <= 4.4.4 is vulnerable to Insecure Direct Object References (IDOR)

Software: Essential Real Estate · Type: Plugin · Vulnerable versions: <= 4.4.4 · Fixed in: 4.4.5 · OWASP Top 10: A1: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2024-4274 · Patch priority: Low · CVSS severity: Low 4.3 · PSID: ccac1e739e5c · Credits: Lucio S...

CVSS 4.3 · AI score 6.5 · EPSS 0.00462
Exploits 0 · References 3 · Affected Software 1
Patchstack
added 2024/06/03 3:28 p.m. · 2 views

WordPress KiviCare plugin <= 3.6.6 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Van Lyubov (Patchstack Alliance) in WordPress Plugin KiviCare versions <= 3.6.6...

CVSS 8.8 · AI score 7 · EPSS 0.00336
Exploits 0 · Affected Software 1
Patchstack
added 2024/06/03 12:00 a.m. · 9 views

WordPress KiviCare Plugin <= 3.6.4 is vulnerable to Insecure Direct Object References (IDOR)

Software: KiviCare · Type: Plugin · Vulnerable versions: <= 3.6.4 · Fixed in: N/A · OWASP Top 10: A1: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2024-35659 · Patch priority: Low · CVSS severity: Low 5.3 · PSID: 967b7ac814c1 · Credits: Van Lyubov · Required...

CVSS 8.8 · AI score 6.5 · EPSS 0.00336
Exploits 0 · References 2 · Affected Software 1
Hacker One
added 2024/05/29 8:41 a.m. · 73 views

WakaTime: IDOR to view order information of users and personal information

Vulnerability description not provided...

AI score 7.1
Exploits 0
OSV
added 2024/05/22 5:16 p.m. · 3 views

CVE-2024-5166

An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model...

CVSS 6.5 · AI score 5.8 · EPSS 0.0016
Exploits 0 · References 1
NVD
added 2024/05/22 5:16 p.m. · 17 views

CVE-2024-5166

An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model...

CVSS 6.5 · AI score 6.3 · EPSS 0.0016
Exploits 0 · References 1
Vulnrichment
added 2024/05/22 4:11 p.m. · 20 views

CVE-2024-5166 Insecure Direct Object Reference In Looker

An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model...

CVSS 6.5 · AI score 6.6 · EPSS 0.0016
Exploits 0 · References 1
CVE
added 2024/05/22 4:11 p.m. · 70 views

CVE-2024-5166

An Insecure Direct Object Reference (IDOR) affects Google Cloud Looker, allowing metadata exposure across authenticated Looker users who share the same LookML model. The CVE-2024-5166 entry states a CVSS v3.1 base score of 6.5 (Medium) with Confidentiality Impact: High and Impact on Integrity/Ava...

CVSS 6.5 · AI score 6.3 · EPSS 0.0016
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/05/22 4:11 p.m. · 27 views

CVE-2024-5166 Insecure Direct Object Reference In Looker

An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model...

CVSS 6.5 · AI score 6.3 · EPSS 0.0016
Exploits 0 · References 1
Positive Technologies
added 2024/05/22 12:00 a.m. · 3 views

PT-2024-34804 · Google Cloud · Looker

Name of the Vulnerable Software and Affected Versions: Looker (affected versions not specified). Description: An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model. Recommendations: At the momen...

CVSS 6.5 · AI score 6 · EPSS 0.0016
Exploits 0 · References 6
CNNVD
added 2024/05/22 12:00 a.m. · 3 views

Google Cloud Looker Security Vulnerability

Google Cloud Looker is an online tool from Google, Inc. for transforming data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from an insecure direct object reference issue...

CVSS 6.5 · AI score 6.6 · EPSS 0.0016
Exploits 0 · References 2
Veracode
added 2024/05/21 9:25 a.m. · 7 views

Insecure Direct Object Reference (IDOR) / Weak Encryption

nzo/url-encryptor-bundle is vulnerable to an Insecure Direct Object Reference (IDOR). This vulnerability is due to a lack of mandatory key and initialization vector (IV) requirements, which makes the aes-256-ctr algorithm susceptible to malleability attacks. It allows attackers to decrypt and modify...

AI score 7
Exploits 0
Veracode
added 2024/05/16 6:19 a.m. · 18 views

Insecure Direct Object Reference (IDOR)

org.bonitasoft.engine, bonita-server is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to the absence of dynamic permissions, which previously existed only in the Subscription edition and were not customizable in the Community edition...

CVSS 6.5 · AI score 6.8 · EPSS 0.00318
Exploits 0 · References 3 · Affected Software 1
NVD
added 2024/05/16 6:15 a.m. · 11 views

CVE-2024-4279

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. This can allow...

CVSS 6.5 · AI score 6.6 · EPSS 0.00418
Exploits 0 · References 3
Vulnrichment
added 2024/05/16 6:04 a.m. · 7 views

CVE-2024-4843

ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references allow a least-privileged user to manipulate client tasks and client task assignments, hence escalating his/her privilege...

CVSS 4.3 · AI score 6.8 · EPSS 0.00265
Exploits 0 · References 1
Cvelist
added 2024/05/16 6:04 a.m. · 20 views

CVE-2024-4843

ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references allow a least-privileged user to manipulate client tasks and client task assignments, hence escalating his/her privilege...

CVSS 4.3 · AI score 4.9 · EPSS 0.00265
Exploits 0 · References 1
CVE
added 2024/05/16 6:04 a.m. · 43 views

CVE-2024-4843

CVE-2024-4843 affects Trellix ePolicy Orchestrator (ePO). Publicly cited documents describe insecure direct object references that let a least-privileged user manipulate client tasks and client task assignments, enabling privilege escalation. The NVD/NVD-derived entries describe impact as insuffi...

CVSS 4.3 · AI score 6.7 · EPSS 0.00265
Exploits 0 · References 1