629 matches found
EUVD-2026-37604
Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions...
CVE-2026-54184
Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions...
CVE-2026-40768
Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions...
CVE-2025-15657 WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions...
CVE-2026-54184
The CVE concerns WordPress plugin Clean Login prior to or up to version 1.15 with an Unauthenticated Insecure Direct Object References (IDOR) vulnerability. The root cause is an IDOR issue in the plugin, potentially exposing object identifiers to unauthenticated users. CVSS 3.1 metrics indicate h...
CVE-2026-40768
The CVE covers WordPress Salon booking system plugin versions
CVE-2026-40768 WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions...
EUVD-2025-210157
Custom role Insecure Direct Object References (IDOR) in Projectopia = 5.1.25.2 versions...
CVE-2026-52699
Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar = 1.4.5 versions...
CVE-2026-48868
Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions...
EUVD-2026-36847
Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions...
CVE-2026-48868 WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions...
CVE-2026-40792 WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerability
Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2.1 versions...
CVE-2026-39518
The CVE pertains to WordPress EventPrime plugin versions
PT-2026-49477
Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions...
CVE-2026-7787
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...
CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...
IBM Langflow security vulnerability
IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines (IBM). Versions 1.0.0 to 1.9.1 of IBM Langflow contain security vulnerabilities. These vulnerabilities stem from insecure direct object references, which could allow...
WordPress plugin BuddyPress security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-33359
In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...