Lucene search
K

7 matches found

NVD
NVD
added 2026/06/23 9:17 p.m.13 views

CVE-2026-56120

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56784...

Exploits0
EUVD
EUVD
added 2026/06/23 8:54 p.m.8 views

EUVD-2026-38594

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56784...

8.6CVSS5.7AI score0.00258EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/23 12:13 p.m.4 views

CVE-2026-56784 OpenRemote < 1.25.0 IDOR via Bulk Alarm Deletion Endpoint

OpenRemote before 1.25.0 contains an insecure direct object reference IDOR vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...

8.6CVSS6AI score0.00258EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:13 p.m.40 views

CVE-2026-56784 OpenRemote < 1.25.0 IDOR via Bulk Alarm Deletion Endpoint

OpenRemote before 1.25.0 contains an insecure direct object reference IDOR vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...

8.6CVSS0.00258EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:13 p.m.30 views

CVE-2026-56784

OpenRemote Manager before 1.24.2 contains an insecure direct object reference in removeAlarms(), enabling authenticated users to delete alarms across tenants by supplying arbitrary alarm IDs. The bulk deletion endpoint does not validate that IDs belong to the caller’s realm, enabling cross-tenant...

8.6CVSS6AI score0.00258EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 9:43 p.m.13 views

OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)

Summary OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct Object Reference IDOR in the bulk alarm deletion endpoint. An authenticated user in any realm can delete alarms belonging to other realms tenants by supplying arbitrary alarm IDs. The vulnerability exists because the bulk...

6AI score
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/19 9:43 p.m.11 views

GHSA-H3M5-97JQ-QJRF OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)

Summary OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct Object Reference IDOR in the bulk alarm deletion endpoint. An authenticated user in any realm can delete alarms belonging to other realms tenants by supplying arbitrary alarm IDs. The vulnerability exists because the bulk...

9.6CVSS6AI score0.00258EPSS
Exploits0References5
Rows per page
Query Builder