4435 matches found

RedhatCVE · added 2025/04/13 1:11 a.m. · 21 views

CVE-2025-32367

The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions...

CVSS 8.6 · AI score 7 · EPSS 0.00355 · Exploits 0 · References 1
OSV · added 2025/04/12 7:15 a.m. · 0 views

CVE-2025-3282

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...

CVSS 5.3 · AI score 5.8 · Exploits 0 · References 2
OSV · added 2025/04/12 7:15 a.m. · 2 views

CVE-2025-3292

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...

CVSS 4.3 · AI score 5.8 · EPSS 0.00258 · Exploits 0 · References 3
NVD · added 2025/04/12 7:15 a.m. · 14 views

CVE-2025-3282

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...

CVSS 5.3 · EPSS 0.00233 · Exploits 0 · References 2
Cvelist · added 2025/04/12 6:37 a.m. · 16 views

CVE-2025-3282 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...

CVSS 5.3 · EPSS 0.00233 · Exploits 0 · References 2
CVE · added 2025/04/12 6:37 a.m. · 70 views

CVE-2025-3282

CVE-2025-3282 affects the WordPress plugin User Registration & Membership – Custom Registration Form, Login Form, and User Profile. The flaw is an Insecure Direct Object Reference via the missing validation of the but publicly controllable key membership_id, enabling unauthenticated attackers to...

CVSS 5.3 · AI score 5.3 · EPSS 0.00233 · Exploits 0 · References 2 · Affected Software 1
Cvelist · added 2025/04/12 6:37 a.m. · 14 views

CVE-2025-3292 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...

CVSS 4.3 · EPSS 0.00258 · Exploits 0 · References 3
Vulnrichment · added 2025/04/12 6:37 a.m. · 4 views

CVE-2025-3292 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...

CVSS 4.3 · AI score 4.9 · EPSS 0.00258 · Exploits 0 · References 3
CVE · added 2025/04/12 6:37 a.m. · 78 views

CVE-2025-3292

CVE-2025-3292 concerns the WordPress plugin “User Registration & Membership – Custom Registration Form, Login Form, and User Profile.” It is vulnerable to Insecure Direct Object Reference due to missing validation on the user_id parameter, enabling update of other users’ passwords when an attacke...

CVSS 4.3 · AI score 4.6 · EPSS 0.00258 · Exploits 0 · References 3 · Affected Software 1
Positive Technologies · added 2025/04/12 12:00 a.m. · 5 views

PT-2025-16168 · WordPress · User Registration & Membership

Name of the Vulnerable Software and Affected Versions: User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions up to, and including, 4.1.3
Description: The issue allows unauthenticated attackers to update other users' passwords if they...

CVSS 4.3 · AI score 5.7 · EPSS 0.00258 · Exploits 0 · References 10
NVD · added 2025/04/11 5:15 p.m. · 14 views

CVE-2025-32367

The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions...

CVSS 8.6 · EPSS 0.00355 · Exploits 0 · References 2
Cvelist · added 2025/04/11 12:00 a.m. · 10 views

CVE-2025-32367

The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions...

CVSS 8.6 · EPSS 0.00355 · Exploits 0 · References 2
Vulnrichment · added 2025/04/11 12:00 a.m. · 3 views

CVE-2025-32367

The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions...

CVSS 8.6 · AI score 8.7 · EPSS 0.00355 · Exploits 0 · References 2
CNNVD · added 2025/04/11 12:00 a.m. · 1 view

Oz Forensics Oz Liveness security vulnerability

Oz Forensics Oz Liveness is a leading facial recognition and authentication software from Oz Forensics. A security vulnerability exists in Oz Forensics Oz Liveness versions prior to 4.0.8 late 2023, which stems from an insecure direct object reference that could lead to PII retrieval...

CVSS 8.6 · AI score 6.8 · EPSS 0.00355 · Exploits 0 · References 4
CVE · added 2025/04/11 12:00 a.m. · 97 views

CVE-2025-32367

CVE-2025-32367 affects the Oz Forensics face recognition application prior to version 4.0.8 (late 2023). The root cause is an Insecure Direct Object Reference flaw in the /statistic/list endpoint, which could allow retrieval of PII. Public references from NVD/Red Hat describe the vulnerability, w...

CVSS 8.6 · AI score 7 · EPSS 0.00355 · Exploits 0 · References 2
Tenable Nessus · added 2025/04/10 12:00 a.m. · 3 views

Moodle 4.4.x < 4.4.2 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.12, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, or 4.4.x prior to 4.4.2. It is, therefore, affected by multiple vulnerabilities. - An LFI vulnerability when restoring malformed block backups....

CVSS 8.1 · AI score 7.2 · EPSS 0.00646 · Exploits 0 · References 39
Tenable Nessus · added 2025/04/10 12:00 a.m. · 4 views

Moodle 4.4.x < 4.4.4 Multiple Insecure Direct Object References

According to its self-reported version, the Moodle install hosted on the remote host is 4.4.x prior to 4.4.4. It is, therefore, affected by multiple insecure direct object references. - An IDOR when accessing the list of badge recipients. - An IDOR when accessing the list of course badges. Note that the...

CVSS 4.3 · AI score 7.3 · EPSS 0.00341 · Exploits 0 · References 6
Citrix · added 2025/04/10 12:00 a.m. · 43 views

Citrix Provisioning - SoapService errors in the event viewer after installing 2042 CU2

Since installing 2402 CU2 there are multiple errors in the event viewer. The event logged during Citrix PVS Soap Server start: Source: SoapService; Event ID: 1; Level: Error; Event Data: MapiException: ErrorCodeOtherException An unexpected MAPI error occurred. The event logged every 5 minutes: Source...

AI score 6.9 · Exploits 0
Hacker One · added 2025/04/09 1:07 p.m. · 90 views

Bykea: IDOR on in-app hardcoded zombie endpoint

The researcher discovered an Insecure Direct Object Reference (IDOR) vulnerability in a hardcoded legacy zombie endpoint that was no longer actively used but remained accessible. By reverse engineering the Android app and reviewing the code for unused endpoints, the sensitive details related to...

AI score 7.1 · Exploits 0
RedhatCVE · added 2025/04/05 12:29 a.m. · 9 views

CVE-2025-22931

An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members...

CVSS 7.5 · AI score 7.3 · EPSS 0.00392 · Exploits 0 · References 1