Lucene search
K

2854 matches found

Vulnrichment
Vulnrichment
added 2026/06/05 11:28 p.m.7 views

CVE-2026-10038 Charitable <= 1.8.11.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Attachment Deletion via 'avatar' Parameter

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to Arbitrary Attachment Deletion in versions up to, and including, 1.8.11.1 via the profile avatar...

4.3CVSS5.6AI score0.00285EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/05 7:58 p.m.10 views

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...

5.4CVSS5.5AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2025-14755

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

5.3CVSS5.5AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-9228

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.9 views

CVE-2026-6965

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...

5.3CVSS5.5AI score0.00304EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.8 views

CVE-2026-8238

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/messagepage' endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

6.3CVSS5.5AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.7 views

CVE-2026-8239

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with Vector...

6.3CVSS5.5AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-5779

An insecure direct object reference IDOR vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an...

9.4CVSS5.5AI score0.00252EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.12 views

CVE-2026-5652

An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...

9CVSS5.5AI score0.0044EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.8 views

CVE-2026-42463

SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR Insecure Direct Object Reference and Authorization Bypass vulnerability in the /api/v1/datasource/exportDsSchema and /api/v1/datasource/uploadDsSchema...

8.6CVSS5.5AI score0.00249EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.8 views

CVE-2026-31942

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...

7.1CVSS5.4AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 4:28 p.m.5 views

GHSA-7P8G-6C6G-H9W7 praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The agent CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/agents/agentid gate access on requireworkspacememberworkspaceid only, then resolve agentid through AgentService.getagentid which is a primary-key lookup with no workspace...

8.3CVSS5.5AI score0.00043EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.13 views

PT-2026-46948

The Comment API GET /api/Comment and POST /api/Comment in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference IDOR vulnerability allows any authenticated...

7.1CVSS5.6AI score0.00207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.14 views

PT-2026-47087

Summary Type: Insecure Direct Object Reference. The agent CRUD endpoints GET / PATCH / DELETE /workspaces/workspace id/agents/agent id gate access on require workspace memberworkspace id only, then resolve agent id through AgentService.getagent id which is a primary-key lookup with no workspace...

8.3CVSS5.5AI score0.00043EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/04 5:43 a.m.7 views

CVE-2026-49192 Summary Service Insecure Direct Object Reference

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 2:19 a.m.17 views

CVE-2026-10597

Affected product/vendor: OMICARD EDM — ITPison. Vulnerability: Insecure Direct Object Reference (IDOR) that allows unauthenticated remote attackers to modify a specific parameter to obtain a user’s email address. Impact (as described): Unauthorized disclosure of user email information due to IDOR...

6.9CVSS5.8AI score0.00244EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46130

OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...

6.9CVSS5.8AI score0.00244EPSS
Exploits0References3
NVD
NVD
added 2026/06/01 11:16 p.m.13 views

CVE-2026-24756

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...

4.3CVSS0.00152EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:51 p.m.18 views

CVE-2026-24756

Kiteworks CVE-2026-24756 affects the Kiteworks Secure Data Forms component. Before version 9.3.0, an Insecure Direct Object Reference (IDOR) allows an authenticated user to modify resources owned by other users due to insufficient authorization checks on ownership. A patch is available in version...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:24 p.m.20 views

praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The issue CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/issues/issueid gate access on requireworkspacememberworkspaceid only, then resolve issueid through IssueService.getissueid which is a primary-key lookup with no workspace...

5.8AI score0.00043EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder