CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 9:12 p.m.•5 views

CVE-2021-36389

In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4"...

7.5CVSS6.8AI score0.02991EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 9:6 p.m.•9 views

CVE-2021-42642

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference IDOR vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer...

7.5CVSS7AI score0.01387EPSS

RedhatCVE•added 2025/05/22 9:6 p.m.•6 views

CVE-2021-42640

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference IDOR vulnerability that allows an unauthenticated attacker to reassign drivers for any printer...

9.1CVSS7AI score0.0206EPSS

RedhatCVE•added 2025/05/22 9:5 p.m.•19 views

CVE-2021-42641

7.5CVSS6.9AI score0.0206EPSS

RedhatCVE•added 2025/05/22 9:4 p.m.•4 views

CVE-2021-24892

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

8.8CVSS6.8AI score0.01798EPSS

RedhatCVE•added 2025/05/22 8:43 p.m.•1 views

CVE-2021-39889

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch...

4.3CVSS5.9AI score0.00806EPSS

RedhatCVE•added 2025/05/22 8:36 p.m.•4 views

CVE-2021-35337

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference IDOR. Any attacker will be able to see the invoices of different users by changing the id parameter...

4.3CVSS5.9AI score0.00818EPSS

RedhatCVE•added 2025/05/22 8:9 p.m.•7 views

CVE-2021-38362

In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...

6.5CVSS6.6AI score0.00944EPSS

RedhatCVE•added 2025/05/22 7:58 p.m.•5 views

CVE-2021-36388

In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4"...

7.5CVSS6.8AI score0.03053EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 7:27 p.m.•4 views

CVE-2021-26024

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account...

5.3CVSS6.9AI score0.16758EPSS

RedhatCVE•added 2025/05/22 6:44 p.m.•6 views

CVE-2021-37777

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference IDOR. Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure...

7.5CVSS6.4AI score0.01648EPSS

RedhatCVE•added 2025/05/22 5:52 p.m.•6 views

CVE-2020-7948

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference...

8.8CVSS6.9AI score0.02191EPSS

RedhatCVE•added 2025/05/22 5:11 p.m.•9 views

CVE-2020-8503

Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...

6.5CVSS6.6AI score0.00731EPSS

RedhatCVE•added 2025/05/22 5:6 p.m.•9 views

CVE-2020-9384

An Insecure Direct Object Reference IDOR vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the applicati...

8.8CVSS6.6AI score0.01902EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 4:50 p.m.•6 views

CVE-2020-8235

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...

4.3CVSS6.7AI score0.00772EPSS

RedhatCVE•added 2025/05/22 4:26 p.m.•6 views

CVE-2020-16240

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference IDOR vulnerability allows user account data to be downloaded in JavaScript object notation JSON format by users who should not have access to such functionality. An attacker can download sensitive data related to...

5.3CVSS6.6AI score0.00898EPSS

Exploits0

RedhatCVE•added 2025/05/22 4:25 p.m.•13 views

CVE-2020-16194

An Insecure Direct Object Reference IDOR vulnerability was found in Prestashop Opart devis 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the deliveryaddress and invoiceaddress fields...

5.3CVSS6.8AI score0.01219EPSS

RedhatCVE•added 2025/05/22 4:18 p.m.•8 views

CVE-2020-13815

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference...

7.5CVSS6.9AI score0.0153EPSS

Exploits0

RedhatCVE•added 2025/05/22 4:10 p.m.•4 views

CVE-2020-11589

An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only...

7.5CVSS6.6AI score0.01132EPSS