Export limit exceeded: 363261 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (1924 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-4803 1 Usememos 1 Memos 2025-04-10 8.8 High
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4811 1 Usememos 1 Memos 2025-04-10 8.3 High
Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1.
CVE-2022-4812 1 Usememos 1 Memos 2025-04-10 6.5 Medium
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4686 1 Usememos 1 Memos 2025-04-09 9.8 Critical
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.
CVE-2024-50685 1 Sungrowpower 1 Isolarcloud 2025-04-07 9.1 Critical
SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) via the powerStationService API model.
CVE-2024-50686 1 Sungrowpower 1 Isolarcloud 2025-04-07 9.1 Critical
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the commonService API model.
CVE-2024-50687 1 Sungrowpower 1 Isolarcloud 2025-04-07 9.1 Critical
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the devService API model.
CVE-2024-50689 1 Sungrowpower 1 Isolarcloud 2025-04-07 9.1 Critical
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService API model.
CVE-2024-50693 1 Sungrowpower 1 Isolarcloud 2025-04-07 9.1 Critical
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the userService API model.
CVE-2022-40319 1 Lsoft 1 Listserv 2025-04-04 7.5 High
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account.
CVE-2022-45927 1 Opentext 1 Opentext Extended Ecm 2025-04-04 8.8 High
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.
CVE-2024-51066 1 Phpgurukul 1 Beauty Parlour Management System 2025-04-04 7.5 High
An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers.
CVE-2024-55506 1 Codeastro 1 Complaint Management System 2025-04-03 8.8 High
An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter.
CVE-2023-4836 1 Userprivatefiles 1 Wordpress File Sharing Plugin 2025-04-03 4.3 Medium
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced
CVE-2024-28320 2 Hospital Management System Project, Mayurik 2 Hospital Management System, Hospital Management System 2025-04-01 7.6 High
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via crafted POST request to /patient/edit-user.php.
CVE-2021-36874 1 Stylemixthemes 1 Ulisting 2025-03-28 7.1 High
Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5).
CVE-2024-4886 1 Buddyboss 1 Buddyboss Platform 2025-03-27 4.3 Medium
The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request
CVE-2024-55231 1 Phpgurukul 1 Online Notes Sharing Management System 2025-03-27 4.3 Medium
An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's information.
CVE-2022-34138 1 Biltema 4 Baby Camera, Baby Camera Firmware, Ip Camera and 1 more 2025-03-26 7.5 High
Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information.
CVE-2024-40395 1 Ptc 1 Thingworx 2025-03-25 6.5 Medium
An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level.