An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the info
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0,
Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents
Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information b
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticate
Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the endpoint '/minerva/moUser/show/'. If this vulnerability is successfully exploited, an authentica
Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin
Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated use
Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference (IDOR) vulnerability in the update_subscription endpoint allows any authenticated use
A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to informat
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to change the display names o
An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowi
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functionality.
A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impacted element is an unknown function of the file /graphql of the component GraphQL Array Based Query Batch Handler. The manipulatio
Mercator is an open source web application designed to enable mapping of information systems. A stored Cross-Site Scripting (XSS) vulnerability exists in Mercator prior to version 2026.02.22 due to th
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php.
A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to d