4373 matches found
CVE-2025-40541
The CVE-2025-40541 entry describes an Insecure Direct Object Reference (IDOR) vulnerability in SolarWinds Serv-U. The issue allows an attacker to execute native code as a privileged account, requiring administrative privileges to exploit. On Windows deployments, risk is noted as medium because se...
PT-2026-21671
Name of the Vulnerable Software and Affected Versions Serv-U versions 15.5.3 and earlier Description An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U. Exploitation of this issue allows a malicious actor to execute native code as a privileged account. This requires...
CVE-2026-2697
An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...
CVE-2026-2697
An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...
CVE-2026-2697
CVE-2026-2697 is an IDOR vulnerability in Tenable Security Center prior to 6.8.0 where an authenticated remote attacker can escalate privileges via the owner parameter. Multiple sources (NVD, Red Hat, CVE listings, and Tenable advisory) confirm the issue and its association with Security Center. ...
CVE-2026-2697 Indirect Object Reference (IDOR) in Security Center
An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...
CVE-2026-2697 Indirect Object Reference (IDOR) in Security Center
An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...
Insecure Direct Object Reference (IDOR)
pretix is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper authorization checks on file access endpoints, which allows an attacker to retrieve sensitive files of other users by supplying a known UUID...
CVE-2026-2997
Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course invitation code, thereby joining any course...
CVE-2026-2997 WisdomGarden|Tronclass - Insecure Direct Object Reference
Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course invitation code, thereby joining any course...
CVE-2026-2997
CVE-2026-2997 : WisdomGarden’s Tronclass contains an insecure direct object reference. An authenticated remote attacker who learns a course ID can modify a parameter to obtain a course invitation code and join any course. Public exploitation details are not provided in the connected documents; re...
CVE-2026-2997
Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course invitation code, thereby joining any course...
PT-2026-21493
Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course invitation code, thereby joining any course...
PT-2026-21523
Name of the Vulnerable Software and Affected Versions Security Center affected versions not specified Description An Indirect Object Reference IDOR exists in Security Center that could allow an authenticated remote attacker to escalate privileges. The issue is related to the owner parameter. An...
WisdomGarden Tronclass 安全漏洞
WisdomGarden Tronclass is an interactive teaching management platform developed by WisdomGarden Corporation. There is a security vulnerability in WisdomGarden Tronclass, which stems from insecure direct object references. This vulnerability could allow authenticated remote attackers to access any...
Tenable Security Center 安全漏洞
Tenable Security Center is a security center provided by the American company Tenable. There is a security vulnerability present in Tenable Security Center, which stems from an insecure direct object reference in the owner parameter, potentially leading to privilege escalation...
Insecure Direct Object Reference (IDOR)
spreeapi is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper ownership validation in the guest checkout flow, which allows an attacker to manipulate address ID parameters and bind arbitrary guest addresses to their order...
CVE-2025-69394
CVE-2025-69394 affects the WordPress plugin cnvrse (Cnvrse) for versions up to 0.26.02.10.20. It is an unauthenticated IDOR vulnerability (insecure direct object reference) that can enable unauthorized access to objects via a user-controlled key, as described in Red Hat and Patchstack entries and...
CVE-2025-68514
CVE-2025-68514: WordPress Paid Membership Subscriptions (Cozmoslabs)
CVE-2025-68514 WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through = 2.16.8...