Total
1689 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38765 | 1 Canon | 1 Vitrea View | 2025-04-23 | N/A | 6.5 MEDIUM |
| Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter. | |||||
| CVE-2022-31295 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts. | |||||
| CVE-2023-51141 | 1 Zkteco | 1 Biotime | 2025-04-18 | N/A | 6.5 MEDIUM |
| An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component | |||||
| CVE-2022-31683 | 1 Pivotal Software | 1 Concourse | 2025-04-16 | N/A | 5.4 MEDIUM |
| Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team. | |||||
| CVE-2024-33668 | 1 Zammad | 1 Zammad | 2025-04-15 | N/A | 9.1 CRITICAL |
| An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to. | |||||
| CVE-2022-4097 | 1 Updraftplus | 1 All-in-one Security | 2025-04-14 | N/A | 5.3 MEDIUM |
| The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more). | |||||
| CVE-2024-12335 | 1 Theme-fusion | 1 Avada Builder | 2025-04-14 | N/A | 4.3 MEDIUM |
| The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | |||||
| CVE-2023-36238 | 1 Webkul | 1 Bagisto | 2025-04-14 | N/A | 6.5 MEDIUM |
| Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter. | |||||
| CVE-2024-10670 | 1 Nicheaddons | 1 Primary Addon For Elementor | 2025-04-11 | N/A | 4.3 MEDIUM |
| The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to. | |||||
| CVE-2024-50685 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | N/A | 9.1 CRITICAL |
| SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) via the powerStationService API model. | |||||
| CVE-2024-50686 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | N/A | 9.1 CRITICAL |
| SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the commonService API model. | |||||
| CVE-2024-50687 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | N/A | 9.1 CRITICAL |
| SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the devService API model. | |||||
| CVE-2024-50689 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | N/A | 9.1 CRITICAL |
| SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService API model. | |||||
| CVE-2024-50693 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | N/A | 9.1 CRITICAL |
| SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the userService API model. | |||||
| CVE-2022-40319 | 1 Lsoft | 1 Listserv | 2025-04-04 | N/A | 7.5 HIGH |
| The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account. | |||||
| CVE-2022-45927 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | N/A | 8.8 HIGH |
| An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code. | |||||
| CVE-2024-51066 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-04-04 | N/A | 7.5 HIGH |
| An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers. | |||||
| CVE-2024-55506 | 1 Codeastro | 1 Complaint Management System | 2025-04-03 | N/A | 8.8 HIGH |
| An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter. | |||||
| CVE-2023-4836 | 1 Userprivatefiles | 1 Wordpress File Sharing Plugin | 2025-04-03 | N/A | 4.3 MEDIUM |
| The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced | |||||
| CVE-2024-28320 | 1 Mayurik | 1 Hospital Management System | 2025-04-01 | N/A | 7.6 HIGH |
| Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via crafted POST request to /patient/edit-user.php. | |||||