13 matches found
EUVD-2025-5288
Malicious code in bioql PyPI...
EUVD-2024-50425
Malicious code in bioql PyPI...
EUVD-2023-41430
Malicious code in bioql PyPI...
EUVD-2024-26084
Malicious code in bioql PyPI...
CVE-2025-46732
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...
CVE-2023-30550
MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...
CVE-2023-24625
Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference IDOR attack...
CVE-2022-3511
The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector...
GHSA-6G5X-H5X7-Q4MQ Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access...
Autodesk: Insecure Direct Object Reference (IDOR) in GraphQL deleteProfileImages Mutation
The Insecure Direct Object Reference IDOR vulnerability was discovered in the GraphQL deleteProfileImages mutation of the Autodesk User Profile. The vulnerability could have allowed an attacker to delete another user's photo through the "id" parameter. Autodesk has addressed the vulnerability...
CVE-2023-49620 Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for
Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized which almost used in sql task, with unauthorized access vulnerability IDOR, but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires...
GHSA-7G5J-Q8QJ-8984 Magento Insecure Direct Object Reference (IDOR) vulnerability
An insecure direct object reference IDOR vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder...
CVE-2020-8503
The CVE-2020-8503 issue affects Biscom Secure File Transfer (SFT) versions 5.0.1050–5.1.1067 and 6.0.1000–6.0.1003. A vulnerability in the file-upload feature allows Insecure Direct Object Reference (IDOR) by an authenticated sender due to an error in how uploads are handled. The impact is descri...