Total
1315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8770 | 1 Gitlab | 1 Gitlab | 2025-08-15 | N/A | 6.5 MEDIUM |
|
An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers.
|
|||||
| CVE-2025-54691 | 2025-08-14 | N/A | 5.3 MEDIUM | ||
|
Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80.
|
|||||
| CVE-2025-4796 | 1 Themewinter | 1 Eventin | 2025-08-13 | N/A | 8.8 HIGH |
|
The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the 'Eventin\Speaker\Api\SpeakerController::update_item' function. This makes it possible for unauthenticated attackers with contributor-level and above permissions to change arbitrary user's email addresses, including administrators, ...
Show More |
|||||
| CVE-2025-3089 | 2025-08-13 | N/A | N/A | ||
|
ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform a limited set of actions typically reserved for higher privileged users, potentially leading to unauthorized data modifications. This issue is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners.
|
|||||
| CVE-2025-5195 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 4.3 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure.
|
|||||
| CVE-2025-46386 | 2025-08-06 | N/A | 8.8 HIGH | ||
|
CWE-639 Authorization Bypass Through User-Controlled Key
|
|||||
| CVE-2025-46387 | 2025-08-06 | N/A | 8.8 HIGH | ||
|
CWE-639 Authorization Bypass Through User-Controlled Key
|
|||||
| CVE-2025-51628 | 2025-08-05 | N/A | 7.5 HIGH | ||
|
Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter.
|
|||||
| CVE-2025-24969 | 1 Combodo | 1 Itop | 2025-08-05 | N/A | 5.0 MEDIUM |
|
iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue.
|
|||||
| CVE-2024-43438 | 1 Moodle | 1 Moodle | 2025-08-05 | N/A | 7.5 HIGH |
|
A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report.
|
|||||
| CVE-2025-53944 | 1 Agpt | 1 Autogpt Platform | 2025-08-05 | N/A | 7.7 HIGH |
|
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graph_id, it fails to verify ownership of the graph_exec_id parameter, allowing authenticated users to access any execution results by providing arbitrary execution IDs. The internal API implements proper validation fo ...
Show More |
|||||
| CVE-2025-20214 | 1 Cisco | 1 Ios Xe | 2025-08-05 | N/A | 4.3 MEDIUM |
|
A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data.
This vulnerability exists because a subtle change in inner API call behavior causes results to be filtered incorrectly. An attacker could exploit this vulnerability by using either NETCONF, RESTCONF, or gRPC Network Management Interface (gNMI) protocols and query data on paths t ...
Show More |
|||||
| CVE-2025-53357 | 1 Glpi-project | 1 Glpi | 2025-08-04 | N/A | 5.4 MEDIUM |
|
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.78 through 10.0.18, a connected user can alter the reservations of another user. This is fixed in version 10.0.19.
|
|||||
| CVE-2024-52601 | 1 Combodo | 1 Itop | 2025-08-01 | N/A | 6.5 MEDIUM |
|
iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.
|
|||||
| CVE-2025-50849 | 2025-07-31 | N/A | 8.0 HIGH | ||
|
CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate the request to target other users' accounts and toggle the sticker setting by modifying the company_id or other object identifiers.
|
|||||
| CVE-2025-7947 | 1 Jishenghua | 1 Jsherp | 2025-07-30 | 5.5 MEDIUM | 5.4 MEDIUM |
|
A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-51867 | 2025-07-25 | N/A | 6.5 MEDIUM | ||
|
Insecure Direct Object Reference (IDOR) vulnerability in Deepfiction AI (deepfiction.ai) thru June 3, 2025, allowing attackers to chat with the LLM using other users' credits via sensitive information gained by the /browse/stories endpoint.
|
|||||
| CVE-2025-51865 | 2025-07-25 | N/A | 8.8 HIGH | ||
|
Ai2 playground web service (playground.allenai.org) LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference (IDOR), allowing attackers to gain sensitvie information via enumerating thread keys in the URL.
|
|||||
| CVE-2024-45329 | 1 Fortinet | 1 Fortiportal | 2025-07-22 | N/A | 4.3 MEDIUM |
|
A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests.
|
|||||
| CVE-2024-5166 | 1 Google | 1 Looker | 2025-07-22 | N/A | 6.5 MEDIUM |
|
An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model.
|
|||||
| CVE-2025-20114 | 1 Cisco | 2 Unified Contact Center Express, Unified Intelligence Center | 2025-07-22 | N/A | 4.3 MEDIUM |
|
A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system.
This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access s ...
Show More |
|||||
| CVE-2025-51869 | 2025-07-22 | N/A | 7.5 HIGH | ||
|
Insecure Direct Object Reference (IDOR) vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted space_id, thread_id, and message_id parameters to the v1/space/{space_id}/thread/{thread_id}/message/{message_id} endpoint.
|
|||||
| CVE-2025-51868 | 2025-07-22 | N/A | 7.5 HIGH | ||
|
Insecure Direct Object Reference (IDOR) vulnerability in Dippy (chat.dippy.ai) v2 allows attackers to gain sensitive information via the conversation_id parameter to the conversation_history endpoint.
|
|||||
| CVE-2024-13175 | 2025-07-22 | N/A | 5.5 MEDIUM | ||
|
Authorization Bypass Through User-Controlled Key vulnerability in Vidco Software VOC TESTER allows Forceful Browsing.This issue affects VOC TESTER: before 12.41.0.
|
|||||
| CVE-2025-4040 | 2025-07-22 | N/A | 7.1 HIGH | ||
|
Authorization Bypass Through User-Controlled Key vulnerability in Turpak Automatic Station Monitoring System allows Privilege Escalation.This issue affects Automatic Station Monitoring System: before 5.0.6.51.
|
|||||
| CVE-2025-5681 | 2025-07-22 | N/A | 6.5 MEDIUM | ||
|
Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.This issue affects Eyotek: before 23.06.2025.
|
|||||
| CVE-2025-4129 | 2025-07-22 | N/A | 7.5 HIGH | ||
|
Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers.This issue affects PAVO Pay: before 13.05.2025.
|
|||||
| CVE-2025-1469 | 2025-07-22 | N/A | 7.5 HIGH | ||
|
Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.This issue affects Eyotek: before 11.03.2025.
|
|||||
| CVE-2025-2301 | 2025-07-22 | N/A | 4.4 MEDIUM | ||
|
Authorization Bypass Through User-Controlled Key vulnerability in Akbim Software Online Exam Registration allows Exploitation of Trusted Identifiers.This issue affects Online Exam Registration: before 14.03.2025.
|
|||||
| CVE-2025-7899 | 2025-07-22 | N/A | N/A | ||
|
The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0
|
|||||
| CVE-2024-12048 | 1 Superagi | 1 Superagi | 2025-07-18 | N/A | 8.8 HIGH |
|
An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.
|
|||||
| CVE-2025-6329 | 1 Scriptandtools | 1 Real Estate Management System | 2025-07-18 | 5.5 MEDIUM | 5.4 MEDIUM |
|
A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file userdelete.php of the component User Delete Handler. The manipulation of the argument ID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-22931 | 1 Os4ed | 1 Opensis | 2025-07-17 | N/A | 7.5 HIGH |
|
An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.
|
|||||
| CVE-2025-25282 | 1 Infiniflow | 1 Ragflow | 2025-07-16 | N/A | 8.1 HIGH |
|
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access (list tenant user accounts, add user account into other tenant). Unauthorized cross-tenant access: list user from other tenant (e.g., via GET /<tenant_id>/user/list), add user account to other tenant (POST /<tenant_id>/user). This issue has not yet b ...
Show More |
|||||
| CVE-2024-11167 | 1 Librechat | 1 Librechat | 2025-07-15 | N/A | 5.3 MEDIUM |
|
An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user.
|
|||||
| CVE-2024-10366 | 1 Librechat | 1 Librechat | 2025-07-15 | N/A | 6.5 MEDIUM |
|
An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other users.
|
|||||
| CVE-2025-4855 | 1 Schiocco | 1 Support Board | 2025-07-14 | N/A | 9.8 CRITICAL |
|
The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sb_encryption() function in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to bypass authorization and execute arbitrary AJAX actions defined in the sb_ajax_execute() function. An attacker can use this vulnerability to exploit CVE-2025-4828 and various other functions unauthenticated.
|
|||||
| CVE-2024-10780 | 1 Nicheaddons | 1 Restaurant \& Cafe Addon For Elementor | 2025-07-14 | N/A | 4.3 MEDIUM |
|
The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
|
|||||
| CVE-2024-9637 | 1 Igexsolutions | 1 Wpschoolpress | 2025-07-10 | N/A | 8.8 HIGH |
|
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with teacher-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain ac ...
Show More |
|||||
| CVE-2025-6534 | 1 Xxyopen | 1 Novel-plus | 2025-07-09 | 3.6 LOW | 4.2 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to t ...
Show More |
|||||