CVE-2026-2697

An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...

CVE-2026-2697

An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...

CVE-2026-2697 Indirect Object Reference (IDOR) in Security Center

An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...

CVE-2026-2697 Indirect Object Reference (IDOR) in Security Center

An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...

CVE-2026-2697

CVE-2026-2697 is an IDOR vulnerability in Tenable Security Center prior to 6.8.0 where an authenticated remote attacker can escalate privileges via the owner parameter. Multiple sources (NVD, Red Hat, CVE listings, and Tenable advisory) confirm the issue and its association with Security Center. ...

Insecure Direct Object Reference (IDOR)

pretix is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper authorization checks on file access endpoints, which allows an attacker to retrieve sensitive files of other users by supplying a known UUID...

CVE-2026-2997

Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course invitation code, thereby joining any course...

CVE-2026-2997

CVE-2026-2997 : WisdomGarden’s Tronclass contains an insecure direct object reference. An authenticated remote attacker who learns a course ID can modify a parameter to obtain a course invitation code and join any course. Public exploitation details are not provided in the connected documents; re...

CVE-2026-2997

Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course invitation code, thereby joining any course...

CVE-2026-2997 WisdomGarden｜Tronclass - Insecure Direct Object Reference

Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course invitation code, thereby joining any course...

WisdomGarden Tronclass 安全漏洞

WisdomGarden Tronclass is an interactive teaching management platform developed by WisdomGarden Corporation. There is a security vulnerability in WisdomGarden Tronclass, which stems from insecure direct object references. This vulnerability could allow authenticated remote attackers to access any...

PT-2026-21493

Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course invitation code, thereby joining any course...

PT-2026-21523

Name of the Vulnerable Software and Affected Versions Security Center affected versions not specified Description An Indirect Object Reference IDOR exists in Security Center that could allow an authenticated remote attacker to escalate privileges. The issue is related to the owner parameter. An...

Tenable Security Center 安全漏洞

Tenable Security Center is a security center provided by the American company Tenable. There is a security vulnerability present in Tenable Security Center, which stems from an insecure direct object reference in the owner parameter, potentially leading to privilege escalation...

Insecure Direct Object Reference (IDOR)

spreeapi is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper ownership validation in the guest checkout flow, which allows an attacker to manipulate address ID parameters and bind arbitrary guest addresses to their order...

CVE-2025-69394

CVE-2025-69394 affects the WordPress plugin cnvrse (Cnvrse) for versions up to 0.26.02.10.20. It is an unauthenticated IDOR vulnerability (insecure direct object reference) that can enable unauthorized access to objects via a user-controlled key, as described in Red Hat and Patchstack entries and...

CVE-2025-68514

CVE-2025-68514: WordPress Paid Membership Subscriptions (Cozmoslabs)

CVE-2025-68514 WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through = 2.16.8...

CVE-2025-68051 WordPress Shiprocket plugin <= 2.0.8 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiprocket: from n/a through = 2.0.8...

CVE-2026-1219

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'loadtracknoteajax' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers...