Total
1511 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4802 | 1 Usememos | 1 Memos | 2025-04-10 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4803 | 1 Usememos | 1 Memos | 2025-04-10 | 8.8 High |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4811 | 1 Usememos | 1 Memos | 2025-04-10 | 8.3 High |
| Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1. | ||||
| CVE-2022-4812 | 1 Usememos | 1 Memos | 2025-04-10 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4686 | 1 Usememos | 1 Memos | 2025-04-09 | 9.8 Critical |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0. | ||||
| CVE-2024-50685 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | 9.1 Critical |
| SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) via the powerStationService API model. | ||||
| CVE-2024-50686 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | 9.1 Critical |
| SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the commonService API model. | ||||
| CVE-2024-50687 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | 9.1 Critical |
| SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the devService API model. | ||||
| CVE-2024-50689 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | 9.1 Critical |
| SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService API model. | ||||
| CVE-2024-50693 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | 9.1 Critical |
| SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the userService API model. | ||||
| CVE-2022-40319 | 1 Lsoft | 1 Listserv | 2025-04-04 | 7.5 High |
| The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account. | ||||
| CVE-2022-45927 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | 8.8 High |
| An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code. | ||||
| CVE-2024-51066 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-04-04 | 7.5 High |
| An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers. | ||||
| CVE-2024-55506 | 1 Codeastro | 1 Complaint Management System | 2025-04-03 | 8.8 High |
| An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter. | ||||
| CVE-2023-4836 | 1 Userprivatefiles | 1 Wordpress File Sharing Plugin | 2025-04-03 | 4.3 Medium |
| The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced | ||||
| CVE-2004-0412 | 1 Gnu | 1 Mailman | 2025-04-03 | 6.5 Medium |
| Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server. | ||||
| CVE-2024-28320 | 2 Hospital Management System Project, Mayurik | 2 Hospital Management System, Hospital Management System | 2025-04-01 | 7.6 High |
| Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via crafted POST request to /patient/edit-user.php. | ||||
| CVE-2021-36874 | 1 Stylemixthemes | 1 Ulisting | 2025-03-28 | 7.1 High |
| Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). | ||||
| CVE-2024-4886 | 1 Buddyboss | 1 Buddyboss Platform | 2025-03-27 | 4.3 Medium |
| The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request | ||||
| CVE-2024-55231 | 1 Phpgurukul | 1 Online Notes Sharing Management System | 2025-03-27 | 4.3 Medium |
| An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's information. | ||||