PT-2025-45406
Name of the Vulnerable Software and Affected Versions: IDonate – Blood Donation, Request And Donor Management System plugin for WordPress versions 2.0.0 through 2.1.9. Description: The IDonate plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. Attackers with...
CVE-2025-58627 WordPress Miraculous Core Plugin plugin < 2.0.9 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Miraculous Core Plugin: from n/a through 2.0.9...
GHSA-CPF4-PMR4-W6CX IDOR Vulnerabilities in ZITADEL's Organization API allow Cross-Tenant Data Tampering
Summary: ZITADEL's Organization V2Beta API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users with specific administrator roles within one organization to access and modify data belonging to other organizations. Impact: ZITADEL's Organization V2Beta API,...
PT-2025-45383
Name of the Vulnerable Software and Affected Versions: Zitadel versions 4.0.0-rc.1 through 4.6.2. Description: Zitadel is an open source identity management platform susceptible to Insecure Direct Object Reference (IDOR) attacks through its V2Beta API. Authenticated users with specific administrator rol...
CVE-2025-11690
An Insecure Direct Object Reference (IDOR) vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
EUVD-2025-37759
An Insecure Direct Object Reference (IDOR) vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
CVE-2025-11690
CVE-2025-11690 corresponds to an Insecure Direct Object Reference (IDOR) in the vehicleId parameter of the CFMOTO RIDE API backend. The issue allows unauthorized access to sensitive data from other users’ vehicles (GPS coordinates, encryption keys, initialization vectors, model numbers, fuel stat...
CFMOTO RIDE security vulnerability
CFMOTO RIDE is an in-vehicle data management system from the Chinese company CFMOTO. A security vulnerability exists in CFMOTO RIDE that stems from an insecure direct object reference in the vehicleId parameter, which could lead to unauthorized access to sensitive information of other use...
PT-2025-44991
Name of the Vulnerable Software and Affected Versions: CFMOTO RIDE, affected versions not specified. Description: An Insecure Direct Object Reference (IDOR) vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this...
Insecure Direct Object Reference (IDOR)
Liferay Portal, including Liferay DXP, is vulnerable to an Insecure Direct Object Reference (IDOR). The vulnerability is due to the Contacts Center widget directly exposing the _com_liferay_contacts_web_portlet_ContactsCenterPortlet_entryId parameter without proper authorization checks. An attacker can use...
CVE-2025-61876
Insecure Direct Object Reference (IDOR) in the /tenants/{id} API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...
Inforcer Platform security vulnerability
Inforcer Platform is a multi-tenant management platform from the Dutch company Inforcer. A security vulnerability exists in Inforcer Platform version 2.0.153 that stems from an insecure direct object reference in the /tenants/{id} API endpoint, which could lead to a low-privileged...
CVE-2025-61876
CVE-2025-61876 is an IDOR flaw in Inforcer Platform 2.0.153 allowing a low-privilege, authenticated user to enumerate and access tenant data from other clients by altering the tenant ID in the /tenants/{id} URL. The Red Hat and NVD records corroborate the issue; the CVSSv3.1 score is 5.0 (Medium)...
CVE-2025-40069
CVE-2025-40069 affects the Linux kernel, specifically the DRM MSM driver. The vulnerability arises in the VM_BIND error path where, if a handle-lookup partway through fails, references to already obtained objects may not be dropped, potentially leaking resources. The available connected documents...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unreleased object reference in the VM_BIND error path, which could lead to a memory leak...
EUVD-2025-36220
IDOR vulnerability in Educare ERP 1.0 2025-04-22 allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object...
CVE-2025-60982
IDOR vulnerability in Educare ERP 1.0 2025-04-22 allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object...
CVE-2025-34293
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the...