4435 matches found
CVE-2025-54691 WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80...
IBM Cloud Pak for Business Automation Licensing Issues Vulnerability
IBM Cloud Pak for Business Automation is an enterprise-class business process automation platform from IBM that provides intelligent document processing, workflow management and decision automation. A security vulnerability exists in IBM Cloud Pak for Business Automation that originates from a us...
CVE-2025-36023
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key...
CVE-2025-51533
An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...
CVE-2025-36023
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key...
CVE-2025-36023 IBM Cloud Pak for Business Automation security bypass
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key...
CVE-2025-36023 IBM Cloud Pak for Business Automation security bypass
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key...
PT-2025-32362 · Ibm · Ibm Cloud Pak For Business Automation
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Business Automation versions 24.0.0 through 24.0.0 IF005 IBM Cloud Pak for Business Automation versions 24.0.1 through 24.0.1 IF002 Description: The software contains a flaw that may allow an authenticated user to view...
CVE-2025-51533
An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...
CVE-2025-51533
An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...
CVE-2025-51628
Insecure Direct Object Reference IDOR vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
CVE-2025-51533
The CVE-2025-51533 entry describes an Insecure Direct Object Reference (IDOR) in Sage DPW versions 2024_12_004 and earlier. The vulnerability allows unauthenticated attackers to access internal forms by sending a crafted GET request, implying a direct object access flaw that could disclose low-se...
CVE-2025-51533
An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...
CVE-2025-51533
An Insecure Direct Object Reference IDOR in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...
PT-2025-32305 · Sage · Sage Dpw
Name of the Vulnerable Software and Affected Versions: Sage DPW versions 2024 12 004 and below Description: An Insecure Direct Object Reference IDOR allows unauthorized attackers to access internal forms by sending a crafted GET request. Recommendations: Update Sage DPW to a version later than 20...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-51628
Insecure Direct Object Reference IDOR vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
CVE-2025-51628
Insecure Direct Object Reference IDOR vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...