Vulmon
idor vulnerabilities and exploits
4.3
CVSSv3
CVE-2024-46528
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x prior to 4.1.3 and 3.x up to and including 3.4.1 and KubeSphere Enterprise 4.x prior to 4.1.3 and 3.x up to and including 3.5.0 allows low-privileged authenticated malicious users to access sensitive resou...
1 EDB exploit
5.3
CVSSv3
CVE-2020-13923
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz prior to 17.12.04
Apache Ofbiz
6.5
CVSSv3
CVE-2024-34457
On versions prior to 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4
Apache Streampark
NA
CVE-2024-33329
A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows malicious users to bypass authentication and access internal pages and other sensitive information.
6.5
CVSSv3
CVE-2018-16606
In ProConf prior to 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid param...
Proconf Proconf
6.5
CVSSv3
CVE-2018-7690
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. This exploitation could allow Remote Unauthorized Access.
Microfocus Fortify Software Security Center 17.10
Microfocus Fortify Software Security Center 17.20
Microfocus Fortify Software Security Center 18.10
1 Github repository
6.5
CVSSv3
CVE-2018-7691
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. This exploitation could allow Remote Unauthorized Access.
Microfocus Fortify Software Security Center 17.10
Microfocus Fortify Software Security Center 17.20
Microfocus Fortify Software Security Center 18.10
1 Github repository
6.5
CVSSv3
CVE-2023-49111
For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a Ja...
6.5
CVSSv3
CVE-2023-49112
Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information...
7.2
CVSSv3
CVE-2023-49110
When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side p...