4435 matches found
Exploit for CVE-2025-51859
CVE-2025-51859 Vulnerability description Chaindesk, a w...
PYSEC-2025-181
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...
CVE-2025-5816
The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.0 via the get_order_detail due to missing validation on a user controlled key. This makes it possible for...
CVE-2025-5816 Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship <= 3.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) View Order Tracking Details
The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.0 via the get_order_detail due to missing validation on a user controlled key. This makes it possible for...
CVE-2025-5816
CVE-2025-5816 affects the WordPress plugin “Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship” (Biteship) up to version 3.2.0. The root cause is an Insecure Direct Object Reference via get_order_detail(), caused by a missing validation on a user-controlled key. This allows aut...
PT-2025-29987 · WordPress · Plugin Pengiriman Woocommerce Kurir Reguler
Name of the Vulnerable Software and Affected Versions: Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship versions through 3.2.0 Description: The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship for WordPress is susceptible to an Insecure Direct Object...
SingleStore: IDOR - Scheduled data leak to other accounts By "projectID"
The Insecure Direct Object Reference (IDOR) vulnerability was discovered in the GetNotebookScheduledPaginatedJobs endpoint on backend.singlestore.com. The API failed to verify the requestor's permission to access the specified project, allowing an authenticated user to access scheduled job...
CVE-2025-52920
Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...
CVE-2025-50693
PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference (IDOR) in odms/request-details.php...
PHPGurukul Online DJ Booking Management System security vulnerability
PHPGurukul Online DJ Booking Management System is an online DJ booking management system from PHPGurukul Inc. A security vulnerability exists in version 2.0 of the PHPGurukul Online DJ Booking Management System due to an insecure direct object reference in odms/request-details.php...
PT-2025-26752 · Unknown · Phpgurukul Online Dj Booking Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online DJ Booking Management System version 2.0 Description: The issue is related to Insecure Direct Object Reference (IDOR) in the odms/request-details.php file. This could potentially allow unauthorized access to sensitive...
CVE-2025-50693
The CVE-2025-50693 entry applies to PHPGurukul Online DJ Booking Management System 2.0, with an Insecure Direct Object Reference (IDOR) in odms/request-details.php. The root cause is IDOR allowing access to potentially sensitive information (impact: confidentiality – None, integrity – Low, availa...
PT-2025-26591 · Innoshop · Innoshop
Name of the Vulnerable Software and Affected Versions: Innoshop versions 0.4.1 and earlier Description: The issue allows for Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. This can be exploited by creating a customer account, allowing an attacker to disclose th...