Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.
CWE-639
CVE-2021-21012
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure.
CVE-2021-20599
Cleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions “26” and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.
CVE-2022-4812
Comparison of Object References Instead of Object Contents in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4798
Improper Authorization in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4799
Improper Authentication in GitHub repository usememos/memos prior to 0.9.1.