3461 matches found
BOLD Workplanner 安全漏洞
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access calendar details using an unauthorized internal...
CVE-2025-56392
An Insecure Direct Object Reference IDOR in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request...
Collegetivity 安全漏洞
Collegetivity is a university student activity system by the individual developer Syauqizaidan Khairan Khalaf. A security vulnerability exists in Collegetivity version 1.0.0, which stems from the presence of an insecure direct object reference in the /dashboard/notes endpoint, which could allow a...
Bold Workplanner 安全漏洞
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access the date of current contract details using an...
Bold Workplanner 安全漏洞
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access plan counter details using an unauthorized internal...
Bold Workplanner 安全漏洞
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access functional contract details using an unauthorized...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
PT-2025-39978
Name of the Vulnerable Software and Affected Versions BOLD Workplanner versions prior to 2.5.25 Description An Insecure Direct Object Reference IDOR issue exists in BOLD Workplanner. The problem stems from insufficient validation of user input, potentially allowing an authenticated user to access...
PT-2025-39977
Name of the Vulnerable Software and Affected Versions BOLD Workplanner versions prior to 2.5.25 Description An Insecure Direct Object Reference IDOR issue exists in BOLD Workplanner. The problem stems from insufficient validation of user input, potentially allowing an authenticated user to access...
PT-2025-39972
Name of the Vulnerable Software and Affected Versions BOLD Workplanner versions prior to 2.5.25 Description An Insecure Direct Object Reference IDOR issue exists in BOLD Workplanner. The problem stems from insufficient validation of user input, potentially allowing an authenticated user to access...
CVE-2025-43810
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-55886
An Insecure Direct Object Reference IDOR vulnerability was discovered in ARD. The flaw exists in the feuid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization...
proofcraft
PocGEN - Proof of Concept Generator A Python command-line too...
Liferay Portal and DXP allows users to add a note to a different virtual instance
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
GHSA-F372-9RCJ-8W2C Liferay Portal and DXP allows users to add a note to a different virtual instance
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-43810
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-43810
CVE-2025-43810 affects Liferay Portal and Liferay DXP, where an insecure direct object reference via the parameter _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId allows a remote authenticated user to add a note to an order in a different virtual instance. Af...
CVE-2025-43810
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-57994
Technical details are not publicly available in the provided documents for CVE-2025-57994 (Upcoming Events Lists). Monitor for updates and rely on official advisories for affected versions, impact, and fixes.
CVE-2025-55886
An Insecure Direct Object Reference IDOR vulnerability was discovered in ARD. The flaw exists in the feuid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization...