IDOR vulnerabilities and exploits
6.5
CVSSv3
CVE-2024-34457
On versions prior to 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view every user's Flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4.
Apache Streampark
5.3
CVSSv3
CVE-2020-13923
IDOR vulnerability in the order processing feature of the ecommerce component of Apache OFBiz prior to 17.12.04.
Apache Ofbiz
NA
CVE-2024-33329
A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows malicious users to bypass authentication and access internal pages and other sensitive information.
6.5
CVSSv3
CVE-2018-16606
In ProConf prior to 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid param...
Proconf Proconf
6.5
CVSSv3
CVE-2018-7690
A potential Remote Unauthorized Access vulnerability in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. Exploitation could allow Remote Unauthorized Access.
Microfocus Fortify Software Security Center 17.10
Microfocus Fortify Software Security Center 17.20
Microfocus Fortify Software Security Center 18.10
1 Github repository
6.5
CVSSv3
CVE-2018-7691
A potential Remote Unauthorized Access vulnerability in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. Exploitation could allow Remote Unauthorized Access.
Microfocus Fortify Software Security Center 17.10
Microfocus Fortify Software Security Center 17.20
Microfocus Fortify Software Security Center 18.10
1 Github repository
7.2
CVSSv3
CVE-2023-49110
When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side p...
6.5
CVSSv3
CVE-2023-49111
For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a Ja...
6.5
CVSSv3
CVE-2023-49112
Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information...
7.8
CVSSv3
CVE-2023-49113
The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer...