CVE-2025-7718 Resideo Plugin for Resideo - Real Estate WordPress Theme <= 2.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Privilege Escalation via Account Takeover
The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. This is due to the plugin not properly validating a user's identity prior to updating their details like email...
CVE-2025-52389
An Insecure Direct Object Reference IDOR in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request...
Linux Distros Unpatched Vulnerability : CVE-2020-27742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the...
CVE-2025-52389
CVE-2025-52389 describes an Insecure Direct Object Reference (IDOR) in the application "Envasadora H2O Eireli - Soda Cristal" version v40.20.4. The vulnerability allows authenticated attackers to access sensitive data belonging to other users through a crafted HTTP request. The issue's CVSS v3.1...
Envasadora H2O Soda Cristal security vulnerability
Envasadora H2O Soda Cristal is an application from Envasadora H2O, Brazil. A security vulnerability exists in Envasadora H2O Soda Cristal version v40.20.4, which stems from an insecure direct object reference that could lead to the disclosure of sensitive data...
PT-2025-36502
Name of the Vulnerable Software and Affected Versions: Envasadora H2O Eireli - Soda Cristal version 40.20.4 Description: An Insecure Direct Object Reference IDOR exists in Envasadora H2O Eireli - Soda Cristal version 40.20.4. Authenticated attackers can access sensitive data belonging to other...
CUSEC-2020
Based on the provided code and context, here is a summary of the analysis: Classification: This is an Insecure Direct Object Reference IDOR bug. Background: The bug occurs when the application does not verify that the current user is authorized to access a resource with a specific ID. In this cas...
Awesome-Bugbounty-Writeups
This is a curated list of bug bounty writeups, specifically focusing on various types of web application vulnerabilities. The repository is organized by vulnerability type, with sections for Cross-Site Scripting XSS, Cross-Site Request Forgery CSRF, Clickjacking, Local File Inclusion LFI, Subdoma...
WordPress wpForo Forum Plugin <= 2.4.6 - Insecure Direct Object References (IDOR) Vulnerability
Insecure Direct Object References IDOR Vulnerability discovered by Muhammad Zidan Ali Mansur in WordPress Plugin wpForo Forum versions <= 2.4.6...
CVE-2024-13063
Summary: CVE-2024-13063 affects Akinsoft MyRezzta (web application). An authorization bypass via a user-controlled key enables forceful browsing (IDOR) against the product. The vulnerability’s affected range is stated as MyRezzta versions from s2.02.02 before v2.05.01; upgrading to v2.05.01 or ne...
Linux Distros Unpatched Vulnerability : CVE-2021-21324
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI befor...
Linux Distros Unpatched Vulnerability : CVE-2020-27662
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any database table...
CVE-2025-56254
PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference IDOR vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users...
PT-2025-35564
Name of the Vulnerable Software and Affected Versions: PHPGurukul Employee Leave Management System version 2.1 Description: The software contains an Insecure Direct Object Reference IDOR vulnerability in the leave-details.php file. An authenticated user can modify the leaveid parameter within the...
CVE-2025-56254
CVE-2025-56254 affects PHPGurukul Employee Leave Management System 2.1 with an Insecure Direct Object Reference (IDOR) in the file leave-details.php. An authenticated user can alter the URL parameter leaveid to access leave application details of other users, exposing sensitive data. Multiple co...
WordPress Miraculous Core Plugin plugin < 2.0.9 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Miraculous Core Plugin versions < 2.0.9...
CVE-2025-45968
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...
Linux Distros Unpatched Vulnerability : CVE-2023-37543
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti before 1.2.6 allows IDOR Insecure Direct Object Reference for accessing any graph via a modified localgraphid parameter to graphxport.php. This is a...