PDV-Systeme System PDV 安全漏洞

PDV-Systeme System PDV is an order management software from the German company PDV-Systeme. A security vulnerability exists in PDV-Systeme System PDV version 1.0, which stems from an insecure direct object reference in the hash parameter and could lead to the disclosure of sensitive information...

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

CVE-2025-55626

An Insecure Direct Object Reference IDOR vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.46622503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage...

CVE-2025-55621

An Insecure Direct Object Reference IDOR vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social...

CVE-2025-55621

An Insecure Direct Object Reference IDOR vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social...

CVE-2025-55621

An Insecure Direct Object Reference IDOR vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social...

Reolink App 安全漏洞

Reolink App is a mobile application from Reolink USA. A security vulnerability exists in Reolink App version v4.54.0.4.20250526, which stems from an insecure direct object reference that could lead to unauthorized access to user profile photos...

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime 安全漏洞

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime is a smart wired WiFi video doorbell from Reolink USA. A security vulnerability exists in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.46622503122283, which stems from an insecure direct object reference that cou...

CVE-2025-55621

An Insecure Direct Object Reference IDOR vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social...

CVE-2025-55626

The CVE-2025-55626 entry concerns Reolink Smart 2K+ Plug-in Wi‑Fi Video Doorbell with Chime, firmware 3.0.0.4662_2503122283. The vulnerability is an Insecure Direct Object Reference (IDOR) that allows unauthorized access to Admin-only settings and the ability to edit session storage. Root cause i...

CVE-2025-55626

An Insecure Direct Object Reference IDOR vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.46622503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage...

Linux Distros Unpatched Vulnerability : CVE-2025-50340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of oth...

Linux Distros Unpatched Vulnerability : CVE-2025-1042

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2...

CVE-2025-55621

The CVE-2025-55621 entry describes an insecure direct object reference (IDOR) in Reolink app version 4.54.0.4.20250526, where an attacker could access and download other users’ profile photos via a crafted URL. This is supported by multiple connected records noting the same vulnerability and the ...

PT-2025-34452

Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: An Insecure Direct Object Reference IDOR vulnerability exists in Reolink. This allows unauthorized attackers to access and download other users' profile photos via a crafted URL. Recommendations:...

PT-2025-34457 · Reolink · Reolink Smart 2K+ Plug-In Wi-Fi Video Doorbell

Name of the Vulnerable Software and Affected Versions: Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.4662 2503122283 Description: The device suffers from an Insecure Direct Object Reference IDOR vulnerability. This allows unauthorized attackers to access Admin-only...

CVE-2025-7051 N-central Syslog Configuration Insecure Direct Object Reference

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2...

CVE-2025-4962

An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

CVE-2025-53208 WordPress Maya Business <= 1.2.0 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business paymaya-checkout-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maya Business: from n/a through = 1.2.0...