4382 matches found
CVE-2026-1213
CVE-2026-1213 affects askbot up to version 0.12.2, where an attacker authenticated with normal user permissions can modify other users’ profile pictures due to inexhaustive permissions checks. Red Hat, OSV-GHSA entries, and related advisories corroborate the issue as an IDOR-like permission flaw ...
CVE-2026-1213 Askbot 0.12.2 - Insecure Direct Object Reference (IDOR)
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2...
CVE-2025-9520
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account...
CVE-2025-9520
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account...
CVE-2025-9520
Technical details (affected products, specific component, root cause, versions, or exploits) are not publicly provided in the connected documents. Monitor for updates from vendors and security advisories.
EUVD-2025-206335
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account...
CVE-2025-9520 IDOR Leading to Owner Account Hijacking in Omada Controller
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account...
CVE-2025-9520 IDOR Leading to Owner Account Hijacking in Omada Controller
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account...
CVE-2026-24136
Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference IDOR vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...
BIT-MOODLE-2025-3647 Moodle: idor when accessing the cohorts report
A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve...
BIT-MOODLE-2025-3636 Moodle: idor in moodle rss block allows unauthorized access to rss feeds
A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks...
PT-2026-4808
Name of the Vulnerable Software and Affected Versions Omada Controllers affected versions not specified Description An IDOR Insecure Direct Object Reference issue exists in Omada Controllers. An attacker with Administrator permissions can manipulate requests and potentially hijack the Owner...
CVE-2026-24136 Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API
Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference IDOR vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...
CVE-2026-24136 Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API
Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference IDOR vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...
CVE-2026-24599
CVE-2026-24599 affects WordPress plugin XLPlugins NextMove Lite (WooCommerce) and is described as an Authorization Bypass Through User-Controlled Key via an insecure Direct Object Reference (IDOR) in the NextMove Lite woo-thank-you-page-nextmove-lite component. Public sources (NVD, Red Hat, CVE L...
CVE-2026-20750 Gitea Organization Projects Cross-Organization Authorization Bypass via Project ID (IDOR)
Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...
CVE-2026-20750 Gitea Organization Projects Cross-Organization Authorization Bypass via Project ID (IDOR)
Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...
CVE-2026-24379 WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through = 2.4.3...
CVE-2026-22430
CVE-2026-22430 affects Mikado-Themes Verdure Verdure WordPress theme (versions up to 1.6). Described as Authorization Bypass Through User-Controlled Key, an IDOR-style vulnerability that arises from incorrectly configured access control. Reported impact/metrics indicate a base CVSS 3.1 v3.1 score...
CVE-2026-22409
CVE-2026-22409 affects Mikado-Themes Justicia (WordPress plugin/theme) withJustice trivia: Authorized bypass via a user-controlled key in access control, impacting Justicia versions up to 1.2 and未明确的根本原因。 Connected documents identify this as an Insecure Direct Object Reference (IDOR) style vulner...