4441 matches found
CVE-2026-49192 Summary Service Insecure Direct Object Reference
The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...
CVE-2026-49192 Summary Service Insecure Direct Object Reference
The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...
CVE-2026-49192
Technical details for CVE-2026-49192 are not publicly available in the provided documents. Monitor for updates on affected products, exposed data, and remediation.
CVE-2026-10597
OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...
EUVD-2026-34196
OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...
CVE-2026-10597 ITPison|OMICARD EDM - Insecure Direct Object Reference
OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...
CVE-2026-10597 ITPison|OMICARD EDM - Insecure Direct Object Reference
OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...
CVE-2026-10597
OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...
PT-2026-46150
The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...
PT-2026-46130
OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...
CVE-2026-31942
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...
CVE-2026-31942 LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...
CVE-2026-31942 LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...
CVE-2026-31942
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...
CVE-2026-24756
Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...
CVE-2026-24761
Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...
CVE-2026-24761
The CVE-2026-24761 entry concerns Kiteworks Secure Data Forms prior to version 9.3.0, where an Insecure Direct Object Reference (IDOR) allows an authenticated user to access metadata of resources belonging to other users due to insufficient ownership checks. Affected product is Kiteworks Secure D...
CVE-2026-24761 Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key
Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...
EUVD-2026-33840
Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...
CVE-2026-24756
Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...