90 matches found
Ai2 Insecure Direct Object Reference
Ai2 is a Seattle-based non-profit AI research institute. Ai2 provides a chat playground web application that is susceptible to an insecure direct object reference vulnerability. An attacker can exploit this IDOR to tamper with other users' conversation...
CVE-2019-15786
ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket...
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2025-1510)
The remote host is missing an update for the Huawei EulerOS...
CVE-2025-2360
creationtimestamp | type | source
---|---|---
2025-03-15 22:30:34+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/114168812896511888
2025-03-17 04:46:06+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/7735
2025-03-17 06:00:34+00:00 | seen | ...
CVE-2022-49719
CVE-2022-49719 affects the Linux kernel realview GIC implementation. The root cause is a refcount leak in realview_gic_of_init caused by of_find_matching_node_and_match() returning a node pointer with an incremented refcount without a corresponding of_node_put() when it is no longer needed. The f...
WordPress plugin Rate My Post – Star Rating Plugin by FeedbackWP security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...
PT-2024-39521 · WordPress · The User Meta
Name of the Vulnerable Software and Affected Versions: The User Meta – User Profile Builder and User management plugin for WordPress versions up to, and including, 3.1 Description: The issue is related to Insecure Direct Object Reference, which can be exploited by authenticated attackers with...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Insecure Direct Object Reference vulnerability
Insecure Direct Object Reference vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 3.0.8...
Microsoft PowerShell Reference for Office Products officedocs-cdn Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerShell Reference for Office Products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of PowerShell Reference for Office...
BIT-GITLAB-2022-1352
Due to an insecure direct object reference vulnerability in GitLab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...
SUSE CVE-2022-1972
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2078. Reason: This candidate is a reservation duplicate of CVE-2022-2078. Notes: All CVE users should reference CVE-2022-2078 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental...
Design/Logic Flaw
An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...
CVE-2022-2499
GitLab EE Jira integration contains an insecure direct object reference vulnerability that may allow an attacker to leak Jira issues. Affected GitLab EE versions: 13.10–15.0.4, 15.1–15.1.3, and 15.2–15.2.0. Root cause is an insecure direct object reference in the Jira integration. Remediation by ...
GHSA-4V4P-87M3-5423 Known v1.3.1 contains Insecure Direct Object Reference
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...
Design/Logic Flaw
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer...
PrinterLogic Web Stack security vulnerability
PrinterLogic Web Stack (PrinterLogic Printer Installer) is a native web application from PrinterLogic USA, Inc. that enables the IT department to manage and automate the creation/propagation of printer objects and printer drivers across print environments from a single management console. PrinterLogic W...
GHSA-75VW-3M5V-FPRH corenlp is vulnerable to Improper Restriction of XML External Entity Reference
corenlp is vulnerable to Improper Restriction of XML External Entity Reference...
CVE-2020-3708
...
CVE-2021-36329
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...
Deserialization of untrusted data
The vRealize Operations Manager API 8.x prior to 8.5 has an insecure object reference vulnerability. A malicious actor with administrative access to the vRealize Operations Manager API may be able to modify other users' information, leading to an account takeover...