
4405 matches found

NVD
added 2024/11/21 11:15 a.m. | 7 views

CVE-2024-10696

The UltraAddons – Elementor Addons Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the showtemplate due to missing validatio...

4.3 CVSS | 0.00114 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2024/11/21 2:6 a.m. | 13 views

CVE-2024-10696 UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode

The UltraAddons – Elementor Addons Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the showtemplate due to missing validatio...

4.3 CVSS | 6.5 AI score | 0.00114 EPSS
Exploits: 0 | References: 2
CVE
added 2024/11/21 2:6 a.m. | 40 views

CVE-2024-10696

CVE-2024-10696 affects UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS, Woo Widget, Menu Builder, Anywhere Elementor Shortcode) for WordPress. Versions

4.3 CVSS | 4.2 AI score | 0.00114 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/11/21 2:6 a.m. | 14 views

CVE-2024-10696 UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode

The UltraAddons – Elementor Addons Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the showtemplate due to missing validatio...

4.3 CVSS | 0.00114 EPSS
Exploits: 0 | References: 2
Patchstack
added 2024/11/20 9:51 p.m. | 4 views

WordPress UltraAddons plugin <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode vulnerability

Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin UltraAddons Elementor Lite versions <= 1.1.8...

4.3 CVSS | 6.9 AI score | 0.00114 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2024/11/19 6:15 p.m. | 7 views

AZL-53831 CVE-2024-53084 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Break an object reference loop When remaining resources are being cleaned up on driver close, outstanding VM mappings may result in resources being leaked, due to an object reference loop, as shown below, with ea...

5.5 CVSS | 6.8 AI score | 0.00062 EPSS
Exploits: 0 | References: 1
NVD
added 2024/11/19 6:15 p.m. | 15 views

CVE-2024-53084

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Break an object reference loop When remaining resources are being cleaned up on driver close, outstanding VM mappings may result in resources being leaked, due to an object reference loop, as shown below, with ea...

5.5 CVSS | 0.00062 EPSS
Exploits: 0 | References: 2
Cvelist
added 2024/11/19 5:45 p.m. | 17 views

CVE-2024-53084 drm/imagination: Break an object reference loop

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Break an object reference loop When remaining resources are being cleaned up on driver close, outstanding VM mappings may result in resources being leaked, due to an object reference loop, as shown below, with ea...

0.00062 EPSS
Exploits: 0 | References: 2
OSV
added 2024/11/19 5:45 p.m. | 12 views

CVE-2024-53084 drm/imagination: Break an object reference loop

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Break an object reference loop When remaining resources are being cleaned up on driver close, outstanding VM mappings may result in resources being leaked, due to an object reference loop, as shown below, with ea...

5.5 CVSS | 6.2 AI score | 0.00062 EPSS
Exploits: 0 | References: 5
CVE
added 2024/11/19 5:45 p.m. | 148 views

CVE-2024-53084

CVE-2024-53084 affects the Linux kernel’s DRM/Imagination driver path for PVR, where a resource cleanup reference loop between PVR VM Context and VM Mappings could leak VM resources. The official fix breaks the loop by freeing outstanding VM mappings before destroying the PVR Context associated w...

5.5 CVSS | 6.6 AI score | 0.00062 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2024/11/19 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the presence of an object reference loop problem...

5.5 CVSS | 6.6 AI score | 0.00062 EPSS
Exploits: 0 | References: 3
Hacker One
added 2024/11/18 12:27 p.m. | 11 views

TikTok: IDOR on ads.tiktok.com Allows Unauthorized Product Addition

An Insecure Direct Object Reference (IDOR) vulnerability was discovered on the TikTok Ads API that allowed the addition of arbitrary products to a user's catalog without proper authorization...

7.1 AI score
Exploits: 0
Vulnrichment
added 2024/11/18 11:15 a.m. | 23 views

CVE-2024-48901 Moodle: idor when fetching report schedules

A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report...

7 AI score | 0.00229 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2024/11/18 12:0 a.m. | 4 views

PT-2024-9175 · Absysnet · Absysnet

Name of the Vulnerable Software and Affected Versions: AbsysNet version 2.3.1
Description: An IDOR (Insecure Direct Object Reference) vulnerability has been discovered, which could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifi...

7.8 CVSS | 7.1 AI score | 0.26682 EPSS
Exploits: 1 | References: 9
CNNVD
added 2024/11/18 12:0 a.m. | 2 views

AbsysNET security vulnerability

AbsysNET is an open source library online management system from Library Technology Guides. A security vulnerability exists in AbsysNet version 2.3.1, which stems from an insecure direct object reference that allows an attacker to obtain an unauthenticated user session by brute-force attacking th...

7.5 CVSS | 7.1 AI score | 0.26682 EPSS
Exploits: 1 | References: 1
Patchstack
added 2024/11/13 7:44 a.m. | 2 views

WordPress WP Project Manager plugin <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass vulnerability

Insecure Direct Object Reference to Unauthenticated Authorization Bypass vulnerability discovered by stealthcopter in WordPress Plugin WP Project Manager versions <= 2.6.13...

7.3 CVSS | 7 AI score | 0.00309 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2024/11/13 4:15 a.m. | 1 views

CVE-2024-10174

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'AbstractPermission' class due to missing validation on the 'useri...

7.3 CVSS | 5.8 AI score | 0.00309 EPSS
Exploits: 0 | References: 3
NVD
added 2024/11/13 4:15 a.m. | 19 views

CVE-2024-10174

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'AbstractPermission' class due to missing validation on the 'useri...

7.3 CVSS | 0.00309 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2024/11/13 3:20 a.m. | 9 views

CVE-2024-10174 WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'AbstractPermission' class due to missing validation on the 'useri...

7.3 CVSS | 6.8 AI score | 0.00309 EPSS
Exploits: 0 | References: 3
CVE
added 2024/11/13 3:20 a.m. | 72 views

CVE-2024-10174

CVE-2024-10174 – WP Project Manager (WordPress) vulnerability: The plugin versions

7.3 CVSS | 7 AI score | 0.00309 EPSS
Exploits: 0 | References: 3 | Affected Software: 1