4470 matches found

Positive Technologies
added 2025/09/08 12:0 a.m. · 4 views

PT-2025-36502

Name of the Vulnerable Software and Affected Versions: Envasadora H2O Eireli - Soda Cristal version 40.20.4 Description: An Insecure Direct Object Reference (IDOR) exists in Envasadora H2O Eireli - Soda Cristal version 40.20.4. Authenticated attackers can access sensitive data belonging to other...

8.8 CVSS · 6.1 AI score · 0.00394 EPSS
Exploits 0 · References 5
CVE
added 2025/09/08 12:0 a.m. · 14 views

CVE-2025-52389

CVE-2025-52389 describes an Insecure Direct Object Reference (IDOR) in the application "Envasadora H2O Eireli - Soda Cristal" version v40.20.4. The vulnerability allows authenticated attackers to access sensitive data belonging to other users through a crafted HTTP request. The issue’s CVSS v3.1...

8.8 CVSS · 6.1 AI score · 0.00394 EPSS
Exploits 0 · References 2
Gitee
added 2025/09/06 8:33 a.m. · 71 views

CUSEC-2020

Based on the provided code and context, here is a summary of the analysis: Classification: This is an Insecure Direct Object Reference (IDOR) bug. Background: The bug occurs when the application does not verify that the current user is authorized to access a resource with a specific ID. In this cas...

7.1 AI score
Exploits 0
Gitee
added 2025/09/06 12:55 a.m. · 126 views

Awesome-Bugbounty-Writeups

This is a curated list of bug bounty writeups, specifically focusing on various types of web application vulnerabilities. The repository is organized by vulnerability type, with sections for Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Clickjacking, Local File Inclusion (LFI), Subdoma...

7.9 AI score
Exploits 0
Patchstack
added 2025/09/03 3:2 p.m. · 5 views

WordPress wpForo Forum Plugin <= 2.4.6 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References (IDOR) Vulnerability discovered by Muhammad Zidan Ali Mansur in WordPress Plugin wpForo Forum versions <= 2.4.6...

4.3 CVSS · 6.7 AI score · 0.00312 EPSS
Exploits 0 · Affected Software 1
CVE
added 2025/09/03 8:33 a.m. · 13 views

CVE-2024-13063

Summary: CVE-2024-13063 affects Akinsoft MyRezzta (web application). An authorization bypass via a user-controlled key enables forceful browsing (IDOR) against the product. The vulnerability’s affected range is stated as MyRezzta versions from s2.02.02 before v2.05.01; upgrading to v2.05.01 or ne...

6.8 CVSS · 5.8 AI score · 0.00196 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/09/03 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-27662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table...

4.3 CVSS · 5.7 AI score · 0.00685 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/09/03 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-21324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI befor...

6.8 CVSS · 6.8 AI score · 0.01416 EPSS
Exploits 1 · References 2
OSV
added 2025/09/02 12:15 p.m. · 3 views

CVE-2025-56254

PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users...

4.3 CVSS · 5.8 AI score · 0.00192 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/09/02 12:0 a.m. · 2 views

PT-2025-35564

Name of the Vulnerable Software and Affected Versions: PHPGurukul Employee Leave Management System version 2.1 Description: The software contains an Insecure Direct Object Reference (IDOR) vulnerability in the leave-details.php file. An authenticated user can modify the leaveid parameter within the...

4.3 CVSS · 6.6 AI score · 0.00192 EPSS
Exploits 0 · References 5
Cvelist
added 2025/09/02 12:0 a.m. · 7 views

CVE-2025-56254

PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users...

0.00192 EPSS
Exploits 0 · References 1
CVE
added 2025/09/02 12:0 a.m. · 17 views

CVE-2025-56254

CVE-2025-56254 affects PHPGurukul Employee Leave Management System 2.1 with an Insecure Direct Object Reference (IDOR) in the file leave-details.php. An authenticated user can alter the URL parameter leaveid to access leave application details of other users, exposing sensitive data. Multiple co...

4.3 CVSS · 6.3 AI score · 0.00192 EPSS
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2025/09/01 5:58 p.m. · 6 views

WordPress Miraculous Core Plugin plugin < 2.0.9 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Miraculous Core Plugin versions < 2.0.9...

9.8 CVSS · 7 AI score · 0.00373 EPSS
Exploits 0 · Affected Software 1
RedhatCVE
added 2025/08/30 6:20 p.m. · 4 views

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

9.8 CVSS · 6.7 AI score · 0.00584 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2025/08/30 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-37543

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified localgraphid parameter to graphxport.php. This is a...

7.5 CVSS · 7.4 AI score · 0.00735 EPSS
Exploits 0 · References 2
Qualys Blog
added 2025/08/26 4:0 p.m. · 11 views

Chatbots, APIs, and the Hidden Risks Inside Your Application Stack

What happens when a legacy application quietly slips under the radar and ends up at the center of a security incident involving AI and APIs? For one global organization, this scenario played out in real time when an unusual chatbot behavior sparked a closer look into their recruitment platform,...

7.5 AI score
Exploits 0
NVD
added 2025/08/25 2:15 p.m. · 3 views

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

9.8 CVSS · 0.00584 EPSS
Exploits 1 · References 1
OSV
added 2025/08/25 2:15 p.m. · 2 views

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

9.8 CVSS · 5.8 AI score · 0.00584 EPSS
Exploits 1 · References 1
Positive Technologies
added 2025/08/25 12:0 a.m. · 5 views

PT-2025-34610 · Unknown · System Pdv Version 1.0

Name of the Vulnerable Software and Affected Versions: System PDV version 1.0 Description: The application contains an Insecure Direct Object Reference (IDOR) vulnerability due to a lack of proper authorization checks when accessing objects referenced by the hash parameter in a URL. This allows...

9.8 CVSS · 6.4 AI score · 0.00584 EPSS
Exploits 1 · References 5
CVE
added 2025/08/25 12:0 a.m. · 18 views

CVE-2025-45968

Summary: CVE-2025-45968 affects System PDV v1.0 and is an IDOR vulnerability in the hash URL parameter that permits a remote attacker to access other users’ data or internal resources without proper authorization. The issue is consistently described across multiple sources (NVD, Red Hat, CVE List...

9.8 CVSS · 6.7 AI score · 0.00584 EPSS
Exploits 1 · References 1 · Affected Software 1