4462 matches found
CVE-2025-13457
The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the gettokenbyid function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...
CVE-2026-22589
Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftobjref: validate objref and objrefmap expressions Referring to a synproxy stateful object from the OUTPUT hook causes the kernel to crash due to infinite recursive calls: BUG: The TASK stack guard page was accessed ...
CVE-2026-22033 Label Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field
Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting XSS vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one who can trick a user/administrator into updating their...
GHSA-2MQ9-HM29-8QCH Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field
Prologue These vulnerabilities have been found and chained by DCODX-AI. Validation of the exploit chain has been confirmed manually. Summary A persistent stored cross-site scripting XSS vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one wh...
CVE-2025-41077
CVE-2025-41077 affects Viafirma Inbox v4.5.13 with an Insecure Direct Object Reference (IDOR) flaw. The vulnerability allows any authenticated, unprivileged user to list all users, access and modify their data (including emails) and then use password recovery to impersonate other users, potential...
EUVD-2026-1931
IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality ...
WordPress WooCommerce Square plugin <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability
Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability discovered by DityaRA in WordPress Plugin WooCommerce Square versions = 5.1.1...
Viafirma Inbox 安全漏洞
Viafirma Inbox is an electronic signature inbox from the Spanish company Viafirma. A security vulnerability exists in Viafirma Inbox version 4.5.13, which stems from the presence of an insecure direct object reference that could cause any authenticated but unprivileged user to list all users,...
CVE-2025-13457
The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the gettokenbyid function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...
CVE-2025-13457 WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id
The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the gettokenbyid function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...
EUVD-2026-1860
The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the gettokenbyid function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...
CVE-2025-13457
CVE-2025-13457 affects the WooCommerce Square plugin for WordPress (versions up to 5.1.1). The vulnerability is an Insecure Direct Object Reference in the get_token_by_id function due to missing validation on a user-controlled key, enabling unauthenticated attackers to exfiltrate arbitrary Square...
EUVD-2026-1460
Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without...
CVE-2026-22589 Spree API has Unauthenticated IDOR - Guest Address
Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without...
CVE-2026-22589
CVE-2026-22589 affects Spree (Rails e-commerce); unauthenticated IDOR allows access to guest address data. Affected: Spree versions before 4.10.2, 5.0.7, 5.1.9, and 5.2.5. Patch/mitigation: upgrade to 4.10.2+, 5.0.7+, 5.1.9+, or 5.2.5+. Root cause cited as faulty authorization (CanCanCan) leading...
CVE-2026-22589 Spree API has Unauthenticated IDOR - Guest Address
Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without...
CVE-2026-22605
OpenProject (web-based project management) versions prior to 16.6.3 are vulnerable to an insecure direct object reference in meetings. Users with View Meetings permission on any project could access meeting details from projects they do not have access to. This has been patched in version 16.6.3;...
CVE-2026-22605 OpenProject is Vulnerable to Insecure Direct Object Reference in Meetings
OpenProject is an open-source, web-based project management software. OpenProject versions prior to version 16.6.3, allowed users with the View Meetings permission on any project, to access meeting details of meetings that belonged to projects, the user does not have access to. This issue has bee...
CVE-2026-22605 OpenProject is Vulnerable to Insecure Direct Object Reference in Meetings
OpenProject is an open-source, web-based project management software. OpenProject versions prior to version 16.6.3, allowed users with the View Meetings permission on any project, to access meeting details of meetings that belonged to projects, the user does not have access to. This issue has bee...