Lucene search
K

113 matches found

Cvelist
Cvelist
added 2026/04/21 7:50 p.m.34 views

CVE-2026-40907 WWBN AVideo has IDOR in Live Restreams list.json.php that Exposes Other Users' Stream Keys and OAuth Tokens

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint plugin/Live/view/Liverestreams/list.json.php contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream...

6.5CVSS0.00269EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.113 views

📄 WBCE CMS Privilege Escalation / Insecure Direct Object Reference

WBCE CMS versions prior to 1.6.4 suffers from insecure direct object reference and privilege escalation vulnerabilities. CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation IDOR Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65094 | | Severity | HI...

8.8CVSS5.8AI score0.00338EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2026/03/19 5:30 a.m.3 views

CVE-2026-27397 WordPress Really Simple Security Pro plugin <= 9.5.4.0 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple Security Pro: from n/a through 9.5.4.0...

6.5CVSS5.8AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/03/17 4:16 p.m.11 views

CVE-2026-28506

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

4.3CVSS0.00229EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/17 3:28 p.m.37 views

CVE-2026-24901 Outline's IDOR allows unauthorized viewing and seizing of private deleted drafts

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference IDOR vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users,...

8.1CVSS0.00312EPSS
Exploits1References1
OSV
OSV
added 2026/03/09 10:35 p.m.7 views

CVE-2026-30885 WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure

WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...

6.9CVSS5.9AI score0.00365EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/09 8:11 p.m.7 views

EUVD-2026-10354

Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR Insecure Direct Object Reference due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...

8.7CVSS5.8AI score0.00292EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/09 7:35 p.m.31 views

CVE-2025-62166 FreshRSS has an IDOR which allows for viewing feeds of any user and leaking tokens

FreshRSS is a free, self-hostable RSS aggregator. Prior 1.28.0, a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This...

7.5CVSS0.0038EPSS
Exploits1References4
CVE
CVE
added 2026/02/27 4:33 a.m.18 views

CVE-2026-1558

Summary of CVE-2026-1558 (WP Recipe Maker

5.3CVSS5.5AI score0.00253EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.7 views

CVE-2026-2356

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...

5.3CVSS5.5AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/24 10:25 p.m.7 views

CVE-2026-2697

An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...

8.8CVSS5.5AI score0.00205EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 7:41 a.m.23 views

CVE-2025-40541

The CVE-2025-40541 entry describes an Insecure Direct Object Reference (IDOR) vulnerability in SolarWinds Serv-U. The issue allows an attacker to execute native code as a privileged account, requiring administrative privileges to exploit. On Windows deployments, risk is noted as medium because se...

9.1CVSS5.7AI score0.0057EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/23 4:29 p.m.9 views

CVE-2026-2697

An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...

8.8CVSS5.8AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2026/02/23 4:29 p.m.6 views

CVE-2026-2697

An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...

8.8CVSS0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/23 3:17 p.m.29 views

CVE-2026-2697 Indirect Object Reference (IDOR) in Security Center

An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...

6.3CVSS0.00205EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/23 3:17 p.m.9 views

CVE-2026-2697 Indirect Object Reference (IDOR) in Security Center

An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...

6.3CVSS5.4AI score0.00205EPSS
Exploits0References1
CVE
CVE
added 2026/02/23 3:17 p.m.19 views

CVE-2026-2697

CVE-2026-2697 is an IDOR vulnerability in Tenable Security Center prior to 6.8.0 where an authenticated remote attacker can escalate privileges via the owner parameter. Multiple sources (NVD, Red Hat, CVE listings, and Tenable advisory) confirm the issue and its association with Security Center. ...

8.8CVSS5.4AI score0.00205EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.6 views

PT-2026-21523

Name of the Vulnerable Software and Affected Versions Security Center affected versions not specified Description An Indirect Object Reference IDOR exists in Security Center that could allow an authenticated remote attacker to escalate privileges. The issue is related to the owner parameter. An...

6.3CVSS5.3AI score0.00205EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.4 views

CVE-2025-68051 WordPress Shiprocket plugin <= 2.0.8 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiprocket: from n/a through = 2.0.8...

7.5CVSS5.3AI score0.00304EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.8 views

Tenable Security Center < 6.8.0 Multiple Vulnerabilities (TNS-2026-07)

According to its self-reported version, the Tenable Security Center running on the remote host is prior to 6.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-07 advisory. - A flaw was found in the libssh implements abstract layer for message digest MD...

8.8CVSS6.8AI score0.01421EPSS
Exploits0References6
Rows per page
Query Builder