PT-2025-14640 · Os4Ed · Os4Ed Opensis
Name of the Vulnerable Software and Affected Versions: OS4ED openSIS versions 7.0 through 9.1. Description: The issue concerns an insecure direct object reference (IDOR) in the /assets/stafffiles component. This allows unauthenticated attackers to access files that have been uploaded by staff member...
University Registration System 1.0 Insecure Direct Object Reference
University Registration System version 1.0 suffers from an insecure direct object reference vulnerability that allows for information disclosure. Exploit Title: University Registration System - IDOR Leads to Information Disclosure Date: 2025-03-25 Exploit Author: wa03/td9l Telegram: @wa03/@td9l...
CVE-2024-13558
The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests...
CVE-2024-12048
An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...
CVE-2024-11137
An Insecure Direct Object Reference (IDOR) vulnerability exists in the PATCH /v1/runs/:id/score endpoint of lunary-ai/lunary version 1.6.0. This vulnerability allows an attacker to update the score data of any run by manipulating the id parameter in the request URL, which corresponds to the...
CVE-2024-13558 NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure
The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests...
CVE-2024-12048
CVE-2024-12048 describes an IDOR (Insecure Direct Object Reference) in transformeroptimus/superagi v0.0.14. The vulnerability arises from improper authorization checks across multiple API endpoints, allowing an attacker to view, edit, and delete other users’ information without proper authorizati...
CVE-2024-11137
The CVE describes an Insecure Direct Object Reference (IDOR) in lunary-ai/lunary v1.6.0 where PATCH /v1/runs/:id/score does not verify that the authenticated user owns or can modify the target run. An attacker can modify other users’ run scores by changing the id parameter, impacting data integri...
WordPress NP Quote Request for WooCommerce plugin <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability
Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Tim Coen in WordPress Plugin NP Quote Request for WooCommerce versions <= 1.9.179...
PT-2025-12117 · Unknown · Transformeroptimus/Superagi
Name of the Vulnerable Software and Affected Versions: transformeroptimus/superagi version v0.0.14. Description: An IDOR (Insecure Direct Object Reference) vulnerability exists, allowing attackers to view, edit, and delete other users' information without proper authorization. The application fails ...
SuperAGI Security Vulnerability
SuperAGI is an open source infrastructure application from SuperAGI Open Source for building components, tools, frameworks, and models to implement open source AGI. A security vulnerability exists in SuperAGI version v0.0.14 that stems from improper authorization checking and could lead to an...
PT-2025-12098 · Unknown · Lunary-Ai/Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.6.0. Description: An Insecure Direct Object Reference (IDOR) vulnerability exists in the "PATCH /v1/runs/:id/score" endpoint. This issue allows an attacker to update the score data of any run by manipulating the id...
CVE-2025-2271
A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive...
CVE-2024-13887
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajaxlistingsubmitimageupload' function due to missing validation on a user controlled key. This makes...