Search Vulnerabilities

GLPI incorrectly authorizes access to documents

CVE-2021-47760

TestLink 1.19 - Arbitrary File Download (Unauthenticated)

CVE-2025-68492

Chainlit versions prior to 2

Jan 14, 2026

CVE-2026-23478

Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback

CVE-2025-40805

Affected devices do not properly enforce user authentication on specific API endpoints

CVE-2025-41077

Multiple vulnerabilities in Viafirma products

CVE-2025-69274

LOW

Spectrum broken authorization scheme

CVE-2025-13457

WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id

CVE-2026-22589

Spree API has Unauthenticated IDOR - Guest Address

CVE-2026-21409

Improper authorization vulnerability exists in RICOH Streamline NX 3

Jan 9, 2026

CVE-2026-22588

Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification

CVE-2026-22235

OPEXUS eComplaint IDOR

CVE-2026-22234

OPEXUS eCasePortal unauthenticated IDOR

CVE-2026-22489

WordPress Image Slider Slideshow plugin <= 1.8 - Insecure Direct Object References (IDOR) vulnerability

CVE-2025-4596

Information disclosure via IDOR in Asseco AMDX

CVE-2025-67919

WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability

CVE-2025-15018

Optional Email <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover

CVE-2025-12030

ACF to REST API <= 3.3.4 - Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification

CVE-2025-14802

LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion

CVE-2020-36923

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR

Jan 6, 2026

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2025-64516

GLPI incorrectly authorizes access to documents

CVE-2021-47760

TestLink 1.19 - Arbitrary File Download (Unauthenticated)

CVE-2025-68492

Chainlit versions prior to 2

Jan 14, 2026

CVE-2026-23478

Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback

CVE-2025-40805

Affected devices do not properly enforce user authentication on specific API endpoints

CVE-2025-41077

Multiple vulnerabilities in Viafirma products

CVE-2025-69274

LOW

Spectrum broken authorization scheme

CVE-2025-13457

WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id

CVE-2026-22589

Spree API has Unauthenticated IDOR - Guest Address

CVE-2026-21409

Improper authorization vulnerability exists in RICOH Streamline NX 3

Jan 9, 2026

CVE-2026-22588

Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification

CVE-2026-22235

OPEXUS eComplaint IDOR

CVE-2026-22234

OPEXUS eCasePortal unauthenticated IDOR

CVE-2026-22489

WordPress Image Slider Slideshow plugin <= 1.8 - Insecure Direct Object References (IDOR) vulnerability

CVE-2025-4596

Information disclosure via IDOR in Asseco AMDX

CVE-2025-67919

WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability

CVE-2025-15018

Optional Email <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover

CVE-2025-12030

ACF to REST API <= 3.3.4 - Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification

CVE-2025-14802

LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion

CVE-2020-36923

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR