18 matches found

CNNVD
added 3 days ago | 3 views

Kiteworks security vulnerabilities

Kiteworks is a secure private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow authentication attackers ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 1

CNNVD
added 2026/05/21 12:0 a.m. | 4 views

Concrete CMS security vulnerability

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from insecure direct object references in the Express Entry Detail block, which may allow unauthorized access to...

CVSS 6.3 | AI score 5.8 | EPSS 0.00027
Exploits: 0 | References: 1

CNNVD
added 2026/05/04 12:0 a.m. | 4 views

WebPros Comet Backup security vulnerability

WebPros Comet Backup is a data backup and recovery platform developed by the Swiss company WebPros. Versions 20.11.0 to 26.1.1, and 26.2.1 of WebPros Comet Backup contain security vulnerabilities. These vulnerabilities stem from insecure direct object references, allowing tenant administrators to...

CVSS 9.9 | AI score 5.8 | EPSS 0.00061
Exploits: 0 | References: 1

CVE
added 2026/04/04 7:42 a.m. | 10 views

CVE-2026-4896

The CVE-2026-4896 entry concerns the WCFM – Frontend Manager for WooCommerce plugin with the Bookings Subscription Listings Compatible extension for WordPress, affected up to version 6.7.25. The vulnerability is an Insecure Direct Object Reference (IDOR) affecting authenticated users with Vendor-...

CVSS 8.1 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 3

CNNVD
added 2026/03/16 12:0 a.m. | 2 views

educativa Campus Educativa access control error vulnerability

Educativa Campus Educativa is an educational management platform owned by the Spanish company Educativa. Educativa Campus Educativa has a security vulnerability related to access control. This vulnerability stems from insecure direct object references in the...

CVSS 8.7 | AI score 5.8 | EPSS 0.00099
Exploits: 0 | References: 1

CNNVD
added 2026/02/03 12:0 a.m. | 2 views

Open eClass security vulnerability

Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow unauthenticated remote attackers to acce...

CVSS 7.5 | AI score 5.8 | EPSS 0.00095
Exploits: 1 | References: 2

Patchstack
added 2026/01/02 1:11 p.m. | 3 views

WordPress Overton theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Overton versions <= 1.3...

CVSS 5.4 | AI score 7 | EPSS 0.00042
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2014-4555

Malware in sbrugna...

CVSS 9 | AI score 6.3 | EPSS 0.00642
Exploits: 0 | References: 6

NVD
added 2024/05/16 6:15 a.m. | 6 views

CVE-2024-4843

ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her privilege...

CVSS 4.3 | AI score 4.6 | EPSS 0.00226
Exploits: 0 | References: 1

CNNVD
added 2024/05/02 12:0 a.m. | 1 views

WordPress plugin FileBird security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.4 | AI score 6.7 | EPSS 0.001
Exploits: 0 | References: 3

Vulnrichment
added 2023/12/19 11:2 p.m. | 5 views

CVE-2023-6929 Authorization Bypass Through User-Controlled Key in EuroTel ETL3100

EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the...

CVSS 7.5 | AI score 9.5 | EPSS 0.00011
Exploits: 1 | References: 1

NVD
added 2023/05/20 4:15 a.m. | 12 views

CVE-2023-2276

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

CVSS 9.8 | AI score 9.5 | EPSS 0.00247
Exploits: 0 | References: 4

ATTACKERKB
added 2023/05/16 9:15 a.m. | 2 views

CVE-2023-2548

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

CVSS 7.2 | AI score 7.1 | EPSS 0.0054
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:23 a.m. | 1 views

SUSE CVE-2018-17455

An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals"...

CVSS 7.5 | AI score 7.2 | EPSS 0.0016
Exploits: 0 | References: 3

Veracode
added 2023/01/02 2:26 p.m. | 15 views

Improper Access Control

github.com/usememos/memos is vulnerable to improper access control. Insufficient granularity of access control due to insecure direct object references allows an attacker to delete the victim's archived memos...

CVSS 4.3 | AI score 5.1 | EPSS 0.00259
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2022/11/28 12:0 a.m. | 2 views

PT-2022-16528 · Unknown · Ourphoto App

Name of the Vulnerable Software and Affected Versions: Ourphoto App version 1.4.1 Description: The issue concerns the disclosure of clear-text password information for picture frame devices through the "/device/signin" end-point. Specifically, the deviceVideoCallPassword and mqttPassword are...

CVSS 7.5 | AI score 7.5 | EPSS 0.00183
Exploits: 1 | References: 3

Vulnrichment
added 2022/11/28 12:0 a.m. | 5 views

CVE-2022-24188

The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct...

AI score 7.6 | EPSS 0.00183
Exploits: 1 | References: 1

OSV
added 2022/11/03 8:15 p.m. | 0 views

CVE-2021-36906

Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin = 7.3.6 on WordPress...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 2