Lucene search
K

196 matches found

CVE
CVE
added 2025/10/12 2:27 a.m.16 views

CVE-2025-31997

CVE-2025-31997 affects HCL Unica Centralized Offer Management. The vulnerability is an Insecure Direct Object Reference (IDOR) that could allow an unauthenticated or authorized user to bypass access controls and directly access resources (e.g., database records or files). Root cause is insecure o...

7.5CVSS6.6AI score0.00209EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.23 views

EUVD-2021-11412

Malware in sbrugna...

8.1CVSS7.9AI score0.00646EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-32013

Malicious code in bioql PyPI...

6.6AI score0.002EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-5285

Malicious code in bioql PyPI...

9.1CVSS6.6AI score0.00454EPSS
Exploits0References2
NVD
NVD
added 2025/09/30 11:37 a.m.5 views

CVE-2025-41092

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to time records details using unauthorised internal identifiers...

7.1CVSS0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 6:26 p.m.14 views

CVE-2025-59562 WordPress Academy LMS Plugin <= 3.3.4 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.3.4...

5.5CVSS0.00335EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.4 views

InnoShop 安全漏洞

InnoShop is an open source e-commerce system based on Laravel 11 by InnoShop Open Source. A security vulnerability exists in InnoShop 0.4.1 and earlier versions, which stems from the presence of insecure direct object references in multiple locations in the front-end store, which could lead to th...

6.4CVSS6.3AI score0.00265EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.12 views

CVE-2021-24500

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially...

8.1CVSS7AI score0.00646EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.4 views

WordPress plugin LatePoint 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS6.4AI score0.00286EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/05/02 12:0 a.m.4 views

WordPress plugin Homey 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.1AI score0.002EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/03/27 12:32 a.m.5 views

WordPress Support Genix plugin <= 1.4.11 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References IDOR Vulnerability discovered by astra.r3verii in WordPress Plugin Support Genix versions = 1.4.11...

4.3CVSS6.9AI score0.00461EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/03/07 12:0 a.m.3 views

WordPress plugin SupportCandy 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...

4.3CVSS8.8AI score0.00303EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/03/03 12:0 a.m.4 views

PT-2025-9242

Name of the Vulnerable Software and Affected Versions Serosoft Solutions Pvt Ltd Academia Student Information System SIS EagleR version 1.0.118 Description The issue is related to an Insecure Direct Object References IDOR in the component "/getStudemtAllDetailsById?studentId=XX". This allows...

6.5CVSS6.3AI score0.00336EPSS
Exploits0References8
OSV
OSV
added 2025/02/26 9:15 p.m.10 views

CVE-2024-50686

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references IDOR via the commonService API model...

9.1CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2025/02/26 9:15 p.m.6 views

CVE-2024-50685

SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references IDOR via the powerStationService API model...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/14 9:53 p.m.5 views

WordPress RTMKit plugin <= 1.6.7 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Chazz Wolcott Patchstack in WordPress Plugin RTMKit versions = 1.6.7...

6.5CVSS7AI score0.00247EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/01/30 9:15 a.m.7 views

CVE-2024-13694

The WooCommerce Wishlist High customization, fast setup,Free Elementor Wishlist, most features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the downloadpdffile function due to missing validation on a user controlled key. Th...

7.5CVSS5.8AI score0.00571EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/20 12:0 a.m.2 views

eSigna eSignaViewer 安全漏洞

eSigna eSignaViewer is a visualization component from eSigna, Inc. A security vulnerability exists in eSigna eSignaViewer versions 1.0 through 1.5, which stems from the presence of path traversal and insecure direct object references, allowing an attacker to access arbitrary files in the document...

2CVSS6.8AI score0.00341EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/09/25 10:59 a.m.4 views

WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Sharanabasappa Patchstack Alliance in WordPress Plugin Salon booking system versions = 10.9...

8.8CVSS7AI score0.00333EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/16 12:29 p.m.5 views

WordPress Zephyr Project Manager plugin <=3.3.100 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin Zephyr Project Manager versions = 3.3.100...

9.8CVSS7AI score0.00367EPSS
Exploits0Affected Software1
Rows per page
Query Builder