4372 matches found
CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
📄 PEGA Infinity Brute Force / Insecure Direct Object Reference
PEGA Infinity suffers from brute forcing and insecure direct object reference vulnerabilities. Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by the brute force issue. Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by the idor issue. SEC Consult Vulnerability Lab...
CVE-2025-32223
CVE-2025-32223 is a Tutor LMS vulnerability: an authenticated (Subscriber+) Insecure Direct Object Reference in Tutor LMS
CVE-2026-27397
CVE-2026-27397 corresponds to an IDOR/authorization bypass in the WordPress plugin Really Simple Security Pro (Really Simple Plugins B.V.). The issue arises from incorrectly configured access control levels, allowing unauthorized access via a user-controlled key. Affected range includes Really Si...
CVE-2026-27397 WordPress Really Simple Security Pro plugin <= 9.5.4.0 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple Security Pro: from n/a through 9.5.4.0...
CVE-2026-32736
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
CVE-2026-32736
The Hytale Modding Wiki has an IDOR vulnerability in versions before 1.0.0 that allows any authenticated user to access authors’ full names and email addresses by visiting a mod page via its slug. Affected software: Hytale Modding Wiki (pre-1.0.0). Impact: exposure of PII with MEDIUM severity (CV...
CVE-2026-32736 Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
CVE-2026-32736 Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
CVE-2026-32694
The CVE-2026-32694 vulnerability affects Juju (versions 3.0.0 through 3.6.18). It arises when a secret owner grants a secret to a grantee and relies solely on a predictable secret XID to verify ownership. A malicious grantee who can request secrets can predict past secrets granted by the same own...
CVE-2026-32694 Insecure Direct Object Reference attack via predictable secret ID in Juju
In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...
CVE-2026-26004
Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference IDOR vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue...
Sentry 安全漏洞
Sentry is an open-source error tracking and performance monitoring platform for developers. Versions of Sentry prior to 26.1.0 contained a security vulnerability, which stemmed from an insecure direct object reference in the GroupEventJsonView endpoint across organizations...
PT-2026-26164
Name of the Vulnerable Software and Affected Versions Hytale Modding Wiki versions prior to 1.0.0 Description An Insecure Direct Object Reference IDOR exists in the Hytale Modding Wiki. This allows any authenticated user to access personal information of mod authors, including their full names an...
CVE-2026-26004
CVE-2026-26004 (Sentry) : A cross-organization insecure direct object reference (IDOR) exists in Sentry’s GroupEventJsonView endpoint for versions prior to 26.1.0. This could allow unauthorized access to event data across organizational boundaries. The issue is mitigated by upgrading to version 2...
EUVD-2026-12673
Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference IDOR vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue...
CVE-2026-26004 Sentry allows unauthorized access to event data across organizational boundaries
Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference IDOR vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue...
CVE-2026-24901
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference IDOR vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users,...
CVE-2026-28506
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...