idor 14

• IDOR in Password Reset API Leads to Administrator Account Takeover | TheForms Jun 8, 2026
• Password Change IDOR Leads to Administrator Account Takeover | Noted Jun 7, 2026
• IDOR – Unauthorized Grant Approval via Workflow Manipulation | Briarcliff Foundation Jun 1, 2026
• IDOR – Account Export Data Disclosure | Remittance May 26, 2026
• IDOR via WebSocket Subscription – Cross-Order Data Exposure | JoyStick May 16, 2026
• GraphQL BOLA via Introspection & Insecure Resolver Access | Slate Quarry May 15, 2026
• Command Injection & Broken Function Level Authorization | NewsForge May 15, 2026
• IDOR via Sequential Order IDs | Cheesy Does It May 11, 2026
• IDOR in Order Access – Unauthorized Order Data Exposure | Hartwood May 11, 2026
• UUID-Based IDOR Through Member API | Apex May 9, 2026
• IDOR – Unauthorized Access to Borrower Records | Overdue May 1, 2026
• IDOR – Unauthorized Access to Shared Notes via Base64 ID Manipulation | BugForge Apr 24, 2026
• IDOR – Password Disclosure via Insecure Direct Object Reference | User ID Controlled by Request Parameter Mar 29, 2026
• IDOR – Unauthorized Access via Predictable Identifier Manipulation | User ID Controlled by Request Parameter Mar 29, 2026