CVE-2025-59687

IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...

Discourse < 3.5.1 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

CVE-2025-41091

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...

CVE-2025-41094

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to functional contract details using unauthorised internal identifiers...

CVE-2025-41096

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to the dates of the current contract details using unauthorised internal identifiers...

Kazaar 安全漏洞

Kazaar is a print marketing fulfillment platform from Kazaar, Inc. A security vulnerability exists in Kazaar version 1.25.12 that stems from allowing modification of the order-id parameter, which could lead to an insecure direct object reference attack...

CVE-2025-59687

The CVE describes an Insecure Direct Object Reference vulnerability in IMPAQTR Aurora pre-1.36. Affected product: IMPAQTR Aurora. Vulnerable component: the data access to users list, organization details, bookmarks, and notifications for an arbitrary organization due to improper access control of...

IMPAQTR Aurora 安全漏洞

IMPAQTR Aurora is a data statistics platform from IMPAQTR Belgium. A security vulnerability exists in IMPAQTR Aurora versions prior to 1.36 that stems from an insecure direct object reference that could lead to access to arbitrary organizational information...

PT-2025-40253

Name of the Vulnerable Software and Affected Versions IMPAQTR Aurora versions prior to 1.36 Description The software contains an Insecure Direct Object Reference issue. This allows unauthorized access to the users list, organization details, bookmarks, and notifications of an arbitrary...

CVE-2025-59687

IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...

CVE-2025-56392

An Insecure Direct Object Reference IDOR in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request...

CVE-2025-56392

An Insecure Direct Object Reference IDOR in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request...

CVE-2025-43827

Insecure Direct Object Reference IDOR vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported...

CVE-2025-43827

Insecure Direct Object Reference IDOR vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported...

CVE-2025-43827

CVE-2025-43827 affects Liferay Portal 7.4.0–7.4.3.117 and Liferay DXP 2024.Q1.1–2024.Q1.5, 2023.Q4.x, 2023.Q3.x, and 7.4 GA through update 92. The issue is an Insecure Direct Object Reference (IDOR) where improper access control on com_liferay_portal_security_audit_web_portlet_AuditPortlet_auditE...

CVE-2025-43827

Insecure Direct Object Reference IDOR vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported...

CVE-2025-41099

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to the list of permissions using unauthorised internal identifiers...

CVE-2025-41095

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to planning counter details using unauthorised internal identifiers...

CVE-2025-41097

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to basic employee details using unauthorised internal identifiers...

CVE-2025-41096

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to the dates of the current contract details using unauthorised internal identifiers...