196 matches found
CVE-2025-31997
CVE-2025-31997 affects HCL Unica Centralized Offer Management. The vulnerability is an Insecure Direct Object Reference (IDOR) that could allow an unauthenticated or authorized user to bypass access controls and directly access resources (e.g., database records or files). Root cause is insecure o...
EUVD-2021-11412
Malware in sbrugna...
EUVD-2025-32013
Malicious code in bioql PyPI...
EUVD-2025-5285
Malicious code in bioql PyPI...
CVE-2025-41092
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to time records details using unauthorised internal identifiers...
CVE-2025-59562 WordPress Academy LMS Plugin <= 3.3.4 - Insecure Direct Object References (IDOR) Vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.3.4...
InnoShop 安全漏洞
InnoShop is an open source e-commerce system based on Laravel 11 by InnoShop Open Source. A security vulnerability exists in InnoShop 0.4.1 and earlier versions, which stems from the presence of insecure direct object references in multiple locations in the front-end store, which could lead to th...
CVE-2021-24500
Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially...
WordPress plugin LatePoint 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin Homey 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Support Genix plugin <= 1.4.11 - Insecure Direct Object References (IDOR) Vulnerability
Insecure Direct Object References IDOR Vulnerability discovered by astra.r3verii in WordPress Plugin Support Genix versions = 1.4.11...
WordPress plugin SupportCandy 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...
PT-2025-9242
Name of the Vulnerable Software and Affected Versions Serosoft Solutions Pvt Ltd Academia Student Information System SIS EagleR version 1.0.118 Description The issue is related to an Insecure Direct Object References IDOR in the component "/getStudemtAllDetailsById?studentId=XX". This allows...
CVE-2024-50686
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references IDOR via the commonService API model...
CVE-2024-50685
SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references IDOR via the powerStationService API model...
WordPress RTMKit plugin <= 1.6.7 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Chazz Wolcott Patchstack in WordPress Plugin RTMKit versions = 1.6.7...
CVE-2024-13694
The WooCommerce Wishlist High customization, fast setup,Free Elementor Wishlist, most features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the downloadpdffile function due to missing validation on a user controlled key. Th...
eSigna eSignaViewer 安全漏洞
eSigna eSignaViewer is a visualization component from eSigna, Inc. A security vulnerability exists in eSigna eSignaViewer versions 1.0 through 1.5, which stems from the presence of path traversal and insecure direct object references, allowing an attacker to access arbitrary files in the document...
WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Sharanabasappa Patchstack Alliance in WordPress Plugin Salon booking system versions = 10.9...
WordPress Zephyr Project Manager plugin <=3.3.100 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin Zephyr Project Manager versions = 3.3.100...