CWE-639: CWE-639
All CWE-639 CVEs (519)
This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Saleor e-commerce platform that allows unauthenticated attackers to acc... (Jan 24, 2026)
This vulnerability allows attackers to bypass authorization controls in Solvera Software Services Trade Inc.'s Teknoera software by manipulating user-... (Jan 22, 2026)
This vulnerability allows attackers to bypass authorization controls by manipulating user-controlled keys in EXERT Computer Technologies' Education Ma... (Jan 22, 2026)
This vulnerability in OPEXUS eComplaint allows unauthenticated attackers to download sensitive files by guessing predictable charge numbers. It affect... (Jan 8, 2026)
This vulnerability allows attackers to bypass authorization controls in Utarit Informatics Services Inc. SoliClub by manipulating user-controlled keys... (Dec 18, 2025)
CVE-2023-53930 is an insecure direct object reference vulnerability in ProjectSend r1605 that allows unauthenticated attackers to download private fil... (Dec 17, 2025)
This vulnerability allows unauthenticated attackers to read arbitrary form definitions and submission records in Ninja Forms WordPress plugin. Attacke... (Dec 17, 2025)
This vulnerability allows attackers to bypass authorization mechanisms in Menulux Software Inc.'s Mobile App by manipulating user-controlled keys to e... (Dec 16, 2025)
WebITR software developed by Uniong contains an authentication bypass vulnerability that allows authenticated remote attackers to log into the system ... (Nov 28, 2025)
This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in classroomio version 0.1.13 that allows unauthorized users to access and... (Nov 26, 2025)
This vulnerability allows unauthenticated attackers to bypass authorization and retrieve payment method nonces for any stored payment token in the Woo... (Nov 12, 2025)
DWSurvey 6.14.0 has an access control vulnerability that allows authenticated users to delete other users' questionnaires by manipulating questionnair... (Nov 5, 2025)
The Event Tickets and Registration WordPress plugin has a payment bypass vulnerability that allows unauthenticated attackers to obtain paid tickets wi... (Oct 18, 2025)
This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Sergestec's Exito v8.0 that allows attackers to access other customers'... (Oct 16, 2025)
This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner's general enquiry web service that allows unauthorized... (Sep 30, 2025)
An Insecure Direct Object Reference (IDOR) vulnerability in the PdfHandler component of Agenzia Impresa Eccobook allows unauthenticated attackers to a... (Aug 5, 2025)
An Insecure Direct Object Reference (IDOR) vulnerability in Dippy chat.dippy.ai v2 allows attackers to access other users' conversation histories by m... (Jul 21, 2025)
This authentication bypass vulnerability allows a low-privileged remote attacker who possesses another user's second factor (like a hardware token or ... (Jun 24, 2025)
An Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS allows attackers to bypass authentication and access private admin area... (Jun 10, 2025)
An Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS allows attackers to bypass authentication and access private admin area... (Jun 10, 2025)
This vulnerability allows attackers to change registered email addresses of other users, enabling account takeover. It affects systems with insufficie... (Apr 15, 2025)
The NP Quote Request for WooCommerce WordPress plugin has an Insecure Direct Object Reference vulnerability that allows unauthenticated attackers to r... (Mar 20, 2025)
CVE-2024-8261 is an authorization bypass vulnerability in Proliz Software OBS that allows attackers to access unauthorized functionality by manipulati... (Mar 3, 2025)
This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Newgensoft OmniDocs that allows attackers to access other users' config... (Feb 6, 2025)
An IDOR vulnerability in AbsysNet 2.3.1 allows remote attackers to hijack unauthenticated user sessions by brute-forcing session identifiers on the /c... (Nov 18, 2024)
This vulnerability allows authenticated users with bulk messaging permissions to send messages to users who should not be visible in activity non-resp... (Nov 7, 2024)
This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Paid Memberships Pro WordPress plugin. Attackers can manipulate use... (Nov 1, 2024)
An Insecure Direct Object Reference (IDOR) vulnerability in Phpgurukul's Beauty Parlour Management System v1.1 allows attackers to access other custom... (Oct 31, 2024)
This vulnerability allows unauthenticated attackers to access all user-submitted form data stored by the powermail extension in TYPO3. It affects TYPO... (Sep 17, 2024)
This vulnerability allows attackers to bypass authorization controls in Utarit Information SoliClub mobile apps by manipulating user-controlled keys, ... (Sep 12, 2024)
This vulnerability allows attackers to bypass authorization by manipulating user-controlled keys, enabling unauthorized access to other users' data or... (Aug 18, 2024)
This vulnerability allows attackers to bypass IP allow-lists in Traefik reverse proxy by sending HTTP/3 early data requests with spoofed IP addresses ... (Jul 5, 2024)
CVE-2024-33818 is an Insecure Direct Object Reference (IDOR) vulnerability in Globitel KSA SpeechLog v8.1 that allows attackers to access unauthorized... (May 14, 2024)
An Insecure Direct Object Reference (IDOR) vulnerability in Janto Ticketing Software version 4.3r10 allows remote attackers to access other users' eve... (May 7, 2024)
This SQL injection vulnerability in Vaales Technologies V_QRS allows remote attackers to extract sensitive information from the database by manipulati... (May 1, 2024)
This vulnerability allows remote attackers to read arbitrary files on novel-plus servers by manipulating the filePath parameter in GET requests. It af... (Apr 30, 2024)
This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in GNU Savane that allows remote attackers to delete arbitrary files on th... (Apr 8, 2024)
This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Kali Forms WordPress plugin. Attackers can bypass authorization by ... (Jan 31, 2024)
This IDOR vulnerability in ModernaNet Hospital Management System allows attackers to access sensitive medical records by manipulating URL parameters. ... (Jan 29, 2024)
This vulnerability allows unauthenticated attackers to bypass authorization by manipulating user-controlled keys in the WooCommerce Stripe Payment Gat... (Jan 5, 2024)
Archer Platform 6.x contains an insecure direct object reference vulnerability that allows authenticated malicious users in multi-instance installatio... (Dec 12, 2023)
OpenZFS vulnerability where file contents can be replaced with zero-valued bytes during certain copy operations, potentially disabling security mechan... (Nov 24, 2023)
An unauthenticated attacker can access any student's files by manipulating the URL path in openSIS Classic Community Edition. This affects all install... (Nov 20, 2023)
CVE-2023-37543 is an Insecure Direct Object Reference (IDOR) vulnerability in Cacti that allows attackers to access any monitoring graph by manipulati... (Aug 10, 2023)
This vulnerability allows attackers to access sensitive information about GitLab groups through an insecure direct object reference in the merge reque... (Apr 15, 2023)
This vulnerability in the WP-EMail WordPress plugin allows attackers to bypass IP-based anti-spam restrictions by spoofing their IP address using HTTP... (Jun 20, 2022)
This vulnerability allows remote attackers to browse local files on Atlassian Fisheye and Crucible servers via an Insecure Direct Object Reference (ID... (Mar 16, 2022)
This vulnerability allows unauthenticated remote attackers to sequentially access survey user data by manipulating the ID parameter in the UploadedIma... (Jan 28, 2022)
CVE-2022-22828 is an insecure direct object reference vulnerability in Synametrics SynaMan file transfer software. It allows remote attackers to acces... (Jan 27, 2022)
CVE-2021-22967 is an Insecure Direct Object Reference (IDOR) vulnerability in Concrete CMS that allows unauthenticated users to access restricted file... (Nov 19, 2021)
About CWE-639 (CWE-639)
Our database tracks 519 CVEs classified as CWE-639, with 63 rated critical and 165 rated high severity. The average CVSS score for CWE-639 vulnerabilities is 6.6.
External reference: View CWE-639 on MITRE CWE →