Lucene search
+L

987 matches found

NVD
NVD
added 2026/06/26 3:16 p.m.11 views

CVE-2026-57646

Subscriber Insecure Direct Object References IDOR in Majestic Support = 1.1.7 versions...

5.4CVSS0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.8 views

CVE-2026-57634

Contributor Insecure Direct Object References IDOR in PPWP = 1.9.19 versions...

4.3CVSS5.8AI score0.00185EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.35 views

CVE-2026-57634 WordPress PPWP plugin <= 1.9.19 - Insecure Direct Object References (IDOR) vulnerability

Contributor Insecure Direct Object References IDOR in PPWP = 1.9.19 versions...

4.3CVSS0.00185EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.15 views

CVE-2026-57634

This entry documents an IDOR vulnerability in the WordPress PPWP plugin (versions

4.3CVSS5.8AI score0.00185EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.8 views

CVE-2026-57630

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 2:53 p.m.22 views

CVE-2026-57630

CVE-2026-57630 describes an Unauthenticated Insecure Direct Object References (IDOR) vulnerability in the WordPress plugin Blocksy Companion Pro (versions

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.35 views

CVE-2026-56069 WordPress Toolset Forms plugin <= 2.6.24 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Toolset Forms = 2.6.24 versions...

7.5CVSS0.003EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.11 views

CVE-2025-66123

The CVE-2025-66123 entry describes an unauthenticated Insecure Direct Object References (IDOR) vulnerability in the WordPress BookPro plugin, versions

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 12:32 p.m.9 views

WordPress PPWP plugin <= 1.9.19 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin PPWP versions = 1.9.19...

4.3CVSS5.8AI score0.00185EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/25 6:8 p.m.2 views

CVE-2026-56772 NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3CVSS6AI score0.00204EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 6:3 p.m.4 views

CVE-2026-56767 Maxun < 0.0.42 - Cross-Tenant IDOR in Storage and Webhook API Handlers

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

8.7CVSS6AI score0.0033EPSS
Exploits0References7
NVD
NVD
added 2026/06/25 2:16 p.m.11 views

CVE-2026-56013

Unauthenticated Insecure Direct Object References IDOR in License Manager for WooCommerce = 3.0.15 versions...

6.5CVSS0.00235EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:12 p.m.5 views

CVE-2026-56013

Unauthenticated Insecure Direct Object References IDOR in License Manager for WooCommerce = 3.0.15 versions...

6.5CVSS5.8AI score0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.30 views

CVE-2026-56013 WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in License Manager for WooCommerce = 3.0.15 versions...

6.5CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:54 p.m.20 views

CVE-2026-56120

Affected software: OpenRemote before 1.25.0.Vulnerability: insecure direct object reference (IDOR) in the bulk alarm deletion endpoint.Root cause: removeAlarms() in AlarmResourceImpl.java omits realm-scoping validation in the JPA query, enabling any user with alarm-write permissions to enumerate ...

6AI score
Exploits0
NVD
NVD
added 2026/06/23 5:17 p.m.14 views

CVE-2026-55255

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

8.4CVSS0.0056EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:13 p.m.7 views

CVE-2026-56784

OpenRemote before 1.25.0 contains an insecure direct object reference IDOR vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...

8.6CVSS6AI score0.00258EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/23 12:13 p.m.13 views

EUVD-2026-38444

OpenRemote Manager before 1.24.2 contains an insecure direct object reference vulnerability in the removeAlarms method that allows authenticated users to delete alarms from other tenants by supplying arbitrary alarm IDs. The bulk deletion endpoint fails to validate that targeted alarm IDs belong ...

8.6CVSS6AI score0.00258EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:13 p.m.36 views

CVE-2026-56784

OpenRemote Manager before 1.24.2 contains an insecure direct object reference in removeAlarms(), enabling authenticated users to delete alarms across tenants by supplying arbitrary alarm IDs. The bulk deletion endpoint does not validate that IDs belong to the caller’s realm, enabling cross-tenant...

8.6CVSS6AI score0.00258EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 9:43 p.m.15 views

OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)

Summary OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct Object Reference IDOR in the bulk alarm deletion endpoint. An authenticated user in any realm can delete alarms belonging to other realms tenants by supplying arbitrary alarm IDs. The vulnerability exists because the bulk...

6AI score
Exploits0References5Affected Software1
Rows per page
Query Builder