PT-2024-17538 · Feedbackwp · Rate My Post – Star Rating Plugin
Name of the Vulnerable Software and Affected Versions: Rate My Post – Star Rating Plugin by FeedbackWP versions up to, and including, 4.2.4 Description: The issue allows unauthenticated attackers to vote on unpublished scheduled posts due to missing validation on a user-controlled key in the get...
WordPress WPCasa plugin <= 1.2.13 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Manab Jyoti Dowarah (Patchstack Alliance) in WordPress Plugin WPCasa versions <= 1.2.13...
LibrePhotos security vulnerability
LibrePhotos is a self-hosted open source photo management service open-sourced by LibrePhotos. LibrePhotos suffers from a security vulnerability that stems from susceptibility to a cross-site scripting attack, where an attacker can take over any account by uploading an HTML file on behalf of an...
PT-2024-35792 · Unknown · Librephotos
Name of the Vulnerable Software and Affected Versions: LibrePhotos versions prior to commit 32237 Description: A Cross Site Scripting issue allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in file upload. This is achieved by exploiting the...
CVE-2024-10696
The UltraAddons – Elementor Addons Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the showtemplate due to missing validatio...
CVE-2024-10696 UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode
The UltraAddons – Elementor Addons Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the showtemplate due to missing validatio...
CVE-2024-10696
CVE-2024-10696 affects UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS, Woo Widget, Menu Builder, Anywhere Elementor Shortcode) for WordPress. Versions
WordPress UltraAddons plugin <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode vulnerability
Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin UltraAddons Elementor Lite versions <= 1.1.8...
CVE-2024-53084
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Break an object reference loop When remaining resources are being cleaned up on driver close, outstanding VM mappings may result in resources being leaked, due to an object reference loop, as shown below, with ea...
AZL-53831 CVE-2024-53084 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Break an object reference loop When remaining resources are being cleaned up on driver close, outstanding VM mappings may result in resources being leaked, due to an object reference loop, as shown below, with ea...
CVE-2024-53084
CVE-2024-53084 affects the Linux kernel’s DRM/Imagination driver path for PVR, where a resource cleanup reference loop between PVR VM Context and VM Mappings could leak VM resources. The official fix breaks the loop by freeing outstanding VM mappings before destroying the PVR Context associated w...
CVE-2024-53084 drm/imagination: Break an object reference loop
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Break an object reference loop When remaining resources are being cleaned up on driver close, outstanding VM mappings may result in resources being leaked, due to an object reference loop, as shown below, with ea...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the presence of an object reference loop problem...
TikTok: IDOR on ads.tiktok.com Allows Unauthorized Product Addition
An Insecure Direct Object Reference (IDOR) vulnerability was discovered on the TikTok Ads API that allowed the addition of arbitrary products to a user's catalog without proper authorization...
CVE-2024-48901 Moodle: IDOR when fetching report schedules
A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report...
PT-2024-9175 · Absysnet · Absysnet
Name of the Vulnerable Software and Affected Versions: AbsysNet version 2.3.1 Description: An IDOR (Insecure Direct Object Reference) vulnerability has been discovered, which could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifi...
AbsysNET security vulnerability
AbsysNET is an open source library online management system from Library Technology Guides. A security vulnerability exists in AbsysNet version 2.3.1, which stems from an insecure direct object reference that allows an attacker to obtain an unauthenticated user session by brute-force attacking th...
WordPress WP Project Manager plugin <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass vulnerability
Insecure Direct Object Reference to Unauthenticated Authorization Bypass vulnerability discovered by stealthcopter in WordPress Plugin WP Project Manager versions <= 2.6.13...