4372 matches found
GHSA-W9F8-GXF9-RHVW Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories
Summary Any authenticated user can read other users' private memories via /api/v1/retrieval/query/collection Details Vulnerability 1: Missing authorization in collection querying In backend/openwebui/routers/retrieval.py, the querycollectionhandler function accepts a list of collectionnames but...
CVE-2026-33764 AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's save.json.php endpoint loads AI response objects using an attacker-controlled $REQUEST'id' parameter without validating that the AI response belongs to the specified video. An authenticated user wi...
WordPress Amelia Booking Pro plugin <= 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change vulnerability
Authenticated Customer+ Insecure Direct Object Reference to Arbitrary User Password Change vulnerability discovered by Hunter Jensen skid in WordPress Plugin Amelia versions = 9.1.2...
msfpro
msfpro 🔥 Lightweight Web Exploitation Framework for Bug Bou...
BIT-DISCOURSE-2026-32114 Discourse's unscoped status lookups leak restricted metadata
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their identifiers. Th...
CVE-2026-33931
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...
CVE-2026-33730
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...
CVE-2026-33730 Open Source Point of Sale has an IDOR in Password Change (Home)
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...
CVE-2026-33730
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...
CVE-2026-29071 Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via /api/v1/retrieval/query/collection. Version 0.8.6 patches the issue...
CVE-2026-29071 Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via /api/v1/retrieval/query/collection. Version 0.8.6 patches the issue...
CVE-2025-14974
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...
GO-2026-4853 Vikjuna: IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion in code.vikunja.io/api
Vikjuna: IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via disclosure of the link share hash combined with an insecure direct object reference in attachment handling. An attacker can access sensitive data across the entire instance by chainin...
GO-2026-4814 New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api
New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api...
CVE-2026-3460
The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...
CVE-2026-3111
Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/ID/username/thumbAAxAA.jpg' translated as 80x90 and 40x45. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of...
CVE-2026-32736
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
CVE-2026-32114
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
CVE-2026-1883
The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the deletefolders function due to missing validation on a user controlled key. This makes it possibl...