4405 matches found
Chamilo LMS 安全漏洞
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilitie...
PT-2026-32009
Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38 and prior to 2.0.0-RC.3 Description Chamilo LMS contains an Insecure Direct Object Reference IDOR issue in the gradebook evaluation edit page. An authenticated teacher can view and modify evaluation settin...
WordPress MStore API plugin <= 4.18.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Meta Update vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary User Meta Update vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin MStore API versions = 4.18.3...
CVE-2026-3568
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the updateuserprofile function in controllers/flutter-user.php processing the 'metadata' JSON parameter without any allowlist, blocklist, or validatio...
CVE-2026-3568 MStore API <= 4.18.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Meta Update
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the updateuserprofile function in controllers/flutter-user.php processing the 'metadata' JSON parameter without any allowlist, blocklist, or validatio...
CVE-2026-3568 MStore API <= 4.18.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Meta Update
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the updateuserprofile function in controllers/flutter-user.php processing the 'metadata' JSON parameter without any allowlist, blocklist, or validatio...
PT-2026-31567
Name of the Vulnerable Software and Affected Versions MStore API plugin for WordPress versions up to and including 4.18.3 Description The MStore API plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This stems from the update user profile function within...
CVE-2026-32589 Mirror-registry: quay: insecure direct object reference in blobupload
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to rea...
CVE-2026-32589 Mirror-registry: quay: insecure direct object reference in blobupload
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to rea...
EUVD-2026-20472
Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...
CVE-2026-35023 Wimi Teamwork On-Premises < 8.2.0 IDOR via preview.php
Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...
CVE-2026-35023 Wimi Teamwork On-Premises < 8.2.0 IDOR via preview.php
Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...
CVE-2026-35023
Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...
CVE-2026-35023
CVE-2026-35023 concerns Wimi Teamwork On-Premises versions prior to 8.2.0. The issue is an insecure direct object reference (IDOR) in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumerate sequential item_id values to access and retrieve im...
EUVD-2026-20127
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...
WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2sid' Parameter vulnerability discovered by s00me00ne in WordPress Plugin Blog2Social versions = 8.8.3...
CVE-2026-39616 WordPress Download Attachments plugin <= 1.4.0 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through = 1.4.0...
CVE-2026-39526
WpStream WordPress plugin < 4.11.2 contains an Insecure Direct Object References (IDOR) vulnerability leading to an Authorization Bypass via a user-controlled key. Root cause: misconfigured access control allowing unauthorized access to resources. Affected product/version: WPStream plugin for ...
CVE-2026-4654
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...
CVE-2026-4330
The affected software is the Blog2Social: Social Media Auto Post & Scheduler WordPress plugin. All versions up to 8.8.3 are affected by an authorization bypass in AJAX handlers: the plugin does not validate that the user-supplied b2s_id belongs to the current user before UPDATE/DELETE actions. Th...