Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-36238
Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an malicious user to obtain sensitive information via the invoice ID parameter.
4
CVSSv2
CVE-2019-5466
An IDOR exists in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names.
Gitlab Gitlab
4
CVSSv2
CVE-2021-3380
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows malicious users to disclose sensitive information via the Print Invoice Functionality.
Height8tech H8 Ssrms -
NA
CVE-2023-24625
Faveo 5.0.1 allows remote malicious users to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.
Ladybirdweb Faveo Servicedesk 5.0.1
4
CVSSv2
CVE-2022-29434
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an malicious user to edit or delete events.
Spiffyplugins Spiffy Calendar
NA
CVE-2022-34138
Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows malicious users to access sensitive information.
Biltema Baby Camera Firmware 124
Biltema Ip Camera Firmware 124
NA
CVE-2023-45393
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated malicious users to access sensitive information via a crafted cookie.
Grandingteco Utime Master 9.0.7
NA
CVE-2024-4886
The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request
2.7
CVSSv2
CVE-2020-13462
Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA.
Tufin Securetrack
4
CVSSv2
CVE-2022-29627
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows malicious users to modify products that are owned by other sellers.
Online Market Place Site Project Online Market Place Site 1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »