Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2025/09/30 11:10 a.m.5 views

CVE-2025-41091 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...

7.1CVSS6.3AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2025/09/30 11:10 a.m.14 views

CVE-2025-41091

CVE-2025-41091 concerns Bold Workplanner. Affected: Bold Workplanner prior to version 2.5.25 (4935b438f9b). Issue: Insecure Direct Object Reference (IDOR) due to insufficient input validation, enabling an authenticated user to access calendar details using unauthorized internal identifiers. Impac...

7.1CVSS6.3AI score0.00234EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/09/30 11:10 a.m.5 views

CVE-2025-41091 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...

7.1CVSS0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:28 a.m.19 views

CVE-2024-6332

The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.4. This makes it...

6.5CVSS5.9AI score0.00355EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/11/04 11:45 a.m.84 views

Shopify: Shopify's SF and LA offices Dashboard Information disclosed via Public Gist

Hi Team, During my recon process, I found a public gist containing the Internal Information of the Shopify offices of LA and SF. The gist belongs to the Shopify employee - https://gist.github.com/runmad He is currently - Engineering Manager at Shopify LA Office Dashboard -...

Exploits0
exploitpack
exploitpack
added 2006/05/23 12:0 a.m.14 views

phpCommunityCalendar 4.0.3 - Cross-Site Scripting SQL Injection

phpCommunityCalendar 4.0.3 - Cross-Site Scripting SQL Injection author : X0r1 release : 23.05.06 software : http://www.appideas.com/ googledork : "Calendar programming by AppIdeas.com" filetype:php XSS: http://SERVER/PATH/week.php?LoName=alert'XSS' http://SERVER/PATH/month.php?LoName=alert'XSS'...

0.7AI score
Exploits0
Rows per page
Query Builder