Lucene search
+L

126 matches found

NVD
NVD
added 2025/11/19 6:15 p.m.11 views

CVE-2025-65020

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

6.5CVSS0.00238EPSS
Exploits1References2
OSV
OSV
added 2025/11/19 5:26 p.m.11 views

CVE-2025-65032 Rallly Has an IDOR Vulnerability in Participant Rename Function Allows Unauthorized Modification of Other Users’ Names

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability allows any authenticated user to change the display names of other participants in polls without being an admin or the poll owner. By manipulating the...

6.5CVSS6.6AI score0.00251EPSS
Exploits1References4
CVE
CVE
added 2025/11/19 5:24 p.m.25 views

CVE-2025-65020

Rallly (open-source scheduling tool) has an IDOR in the poll duplication endpoint /api/trpc/polls.duplicate that allows any authenticated user to duplicate polls they do not own by modifying the pollId. Root cause: insecure direct object reference. Impact: bypasses access control and enables clon...

6.5CVSS6.3AI score0.00238EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2025/10/27 6:15 p.m.5 views

CVE-2025-60982

IDOR vulnerability in Educare ERP 1.0 2025-04-22 allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object...

5.4CVSS0.00166EPSS
Exploits0References2
OSV
OSV
added 2025/10/13 9:31 p.m.4 views

GHSA-3CM9-JRF5-H2CX Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key

Insecure Direct Object Reference IDOR vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to from one account to view addresses fr...

5.3CVSS6.8AI score0.00279EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-6030

Malware in sbrugna...

7.5CVSS7.5AI score0.0153EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-49685

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00483EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/01 12:42 a.m.18 views

CVE-2025-56392

An Insecure Direct Object Reference IDOR in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request...

8.1CVSS6.9AI score0.00306EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/09/30 11:17 a.m.8 views

CVE-2025-41099 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to the list of permissions using unauthorised internal identifiers...

7.1CVSS0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/19 2:12 p.m.6 views

CVE-2025-8532 IDOR in Bimser's eBA Document and Workflow Management System

Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing. This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166...

6.4CVSS5.5AI score0.00117EPSS
Exploits0References2
CNVD
CNVD
added 2025/08/11 12:0 a.m.4 views

IBM Cloud Pak for Business Automation Licensing Issues Vulnerability

IBM Cloud Pak for Business Automation is an enterprise-class business process automation platform from IBM that provides intelligent document processing, workflow management and decision automation. A security vulnerability exists in IBM Cloud Pak for Business Automation that originates from a us...

6.5CVSS6.4AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/10 3:33 p.m.10 views

CVE-2025-36023

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key...

6.5CVSS9.2AI score0.00256EPSS
Exploits0References1
OSV
OSV
added 2025/08/08 3:15 p.m.4 views

CVE-2025-36023

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key...

6.5CVSS7.3AI score0.00256EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/08 2:51 p.m.6 views

CVE-2025-36023 IBM Cloud Pak for Business Automation security bypass

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key...

6.5CVSS9.1AI score0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/08 2:51 p.m.11 views

CVE-2025-36023 IBM Cloud Pak for Business Automation security bypass

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key...

6.5CVSS0.00256EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/08 12:0 a.m.5 views

IBM Cloud Pak for Business Automation 安全漏洞

IBM Cloud Pak for Business Automation is an enterprise-class business process automation platform from IBM that provides intelligent document processing, workflow management and decision automation. A security vulnerability exists in IBM Cloud Pak for Business Automation that originates from a us...

6.5CVSS6.3AI score0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/08 12:0 a.m.11 views

PT-2025-32362 · Ibm · Ibm Cloud Pak For Business Automation

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Business Automation versions 24.0.0 through 24.0.0 IF005 IBM Cloud Pak for Business Automation versions 24.0.1 through 24.0.1 IF002 Description: The software contains a flaw that may allow an authenticated user to view...

6.5CVSS9.3AI score0.00256EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 8:13 a.m.10 views

CVE-2024-9825

The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference IDOR by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the...

5.4CVSS5.5AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:1 a.m.10 views

CVE-2023-45893

An indirect Object Reference IDOR in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information...

7.5CVSS6.9AI score0.00578EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:19 a.m.9 views

CVE-2023-42334

An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

6.5CVSS7.2AI score0.00584EPSS
Exploits1
Rows per page
Query Builder