Browse and filter security vulnerabilities across ecosystems
NocoDB: Missing Ownership Validation in MCP Token Operations
Insecure Direct Object Reference Message ID
Seerr has Broken Object-Level Authorization in User Profile Endpoint that Exposes Third-Party Notification Credentials
ClipBucket v5 has IDOR in Collection Item Management
OpenEMR's Portal Payment Endpoint Trusts User-Controlled pid
WP Recipe Maker <= 10.3.2 - Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter
Manyfold has IDOR in ModelFilesController
hoppscotch has IDOR in updateUserEnvironment / deleteUserEnvironment
wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup
wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints
Discourse has authentication bypass vulnerability in the Patreon plugin webhook endpoint
OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership
OpenEMR's Printable LBF Endpoint Leaks Arbitrary Patient Forms
OpenEMR Patient Picture Context Allows Arbitrary Patient Photo Retrieval
OpenEMR Missing Authorization Checks in DICOM Viewer State API
OpenEMR Messages "Show All" Not Restricted to Admins
Plane Vulnerable to Cross-Workspace/Cross-Project Asset Modification via IDOR in ProjectAssetEndpoint.patch
feiyuchuixue sz-boot-parent API Endpoint sys-message authorization
Showing 1 - 20 of 1,000+ results