Lucene search
K

2764 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:10 p.m.5 views

CVE-2020-11589

An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only...

7.5CVSS6.6AI score0.01132EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:33 p.m.4 views

CVE-2020-35577

In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference IDOR allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier aka CommonDownload identification number...

6.5CVSS6.8AI score0.01007EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:26 p.m.7 views

CVE-2020-27742

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...

6.5CVSS6.7AI score0.01136EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:12 p.m.7 views

CVE-2020-13462

Insecure Direct Object Reference IDOR exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...

5.7CVSS6.9AI score0.00418EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.6 views

CVE-2019-19259

GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...

4.3CVSS6.7AI score0.00587EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:3 a.m.5 views

CVE-2019-19616

An Insecure Direct Object Reference IDOR vulnerability in the Xtivia Web Time and Expense WebTE interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment...

4.3CVSS7AI score0.00683EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 a.m.7 views

CVE-2019-8235

An insecure direct object reference IDOR vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled...

6.5CVSS6.5AI score0.01881EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:41 a.m.6 views

CVE-2019-7890

An Insecure Direct Object Reference IDOR vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details...

7.5CVSS6.7AI score0.00836EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:12 a.m.8 views

CVE-2017-16630

In SapphireIMS 40971, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference IDOR in the local user creation function...

8.8CVSS6.7AI score0.00866EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:44 a.m.9 views

CVE-2019-17604

An Insecure Direct Object Reference IDOR vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information first name, last name, email, CV, phone number, and all other personal information by changing the value of the candidate id the id...

4.3CVSS6.5AI score0.00621EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:26 a.m.8 views

CVE-2019-13461

In PrestaShop before 1.7.6.0 RC2, the idaddressdelivery and idaddressinvoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop...

7.5CVSS6.7AI score0.01675EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:14 a.m.5 views

CVE-2018-17449

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...

7.5CVSS6.2AI score0.00839EPSS
Exploits0References1
OSV
OSV
added 2025/05/21 6:33 p.m.5 views

GHSA-CVGC-MX2W-H3W8 The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference

The srfeuserregister extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files...

8.6CVSS7.1AI score0.00301EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/05/21 6:33 p.m.18 views

The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference

The srfeuserregister extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files...

8.6CVSS8.5AI score0.00301EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/05/21 6:22 p.m.17 views

reint_downloadmanager TYPO3 Extension is susceptible to Insecure Direct Object Reference

Insecure Direct Object Reference in the reintdownloadmanager TYPO3 extension allows remote attackers to read arbitrary files via the downloaduid parameter in the downloadAction...

8.6CVSS7.2AI score0.00301EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/05/21 5:19 p.m.2 views

GHSA-XXWR-WV9G-7JW3 The femanager TYPO3 extension allows Insecure Direct Object Reference

Insecure Direct Object Reference IDOR in the femanager TYPO3 extension allows attackers to view frontend user data via a user parameter in the newAction of the newController...

5.3CVSS6.9AI score0.00242EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/05/21 5:19 p.m.15 views

The femanager TYPO3 extension allows Insecure Direct Object Reference

Insecure Direct Object Reference IDOR in the femanager TYPO3 extension allows attackers to view frontend user data via a user parameter in the newAction of the newController...

5.3CVSS6.9AI score0.00242EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/05/21 4:19 p.m.22 views

CVE-2025-20114 Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...

4.3CVSS0.00307EPSS
Exploits0References1
CVE
CVE
added 2025/05/21 4:19 p.m.65 views

CVE-2025-20114

CVE-2025-20114 concerns Cisco Unified Intelligence Center API security. The published entries indicate an authenticated, remote attacker could exploit insufficient validation of user-supplied API parameters to perform an insecure direct object reference (IDOR) attack, enabling horizontal privileg...

4.3CVSS5AI score0.00307EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/21 4:19 p.m.9 views

CVE-2025-20114 Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...

4.3CVSS7.4AI score0.00307EPSS
Exploits0References1
Rows per page
Query Builder