CVE-2025-51862

Insecure Direct Object Reference IDOR vulnerability in TelegAI telegai.com thru 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper other users' conversation. Additionally, malicious contents and XSS payloads can be injected, leading to phishing attack, user spoofing and...

WordPress plugin WP JobHunt 输入验证错误漏洞

WordPress WP JobHunt plugin is a companion theme to the WP Job Manager plugin, designed for creating professional job boards. The WordPress WP JobHunt plugin suffers from an input validation error vulnerability that stems from a lack of user control key validation in the csremoveprofilecallback...

CVE-2025-51865

CVE-2025-51865 concerns the Ai2 Playground web service (playground.allenai.org). The vulnerability is an Insecure Direct Object Reference (IDOR) that lets an attacker enumerate thread keys in the URL to gain sensitive information. The CVE is tracked with CVSS 3.1: Network attack, Low attack compl...

TelegAI 跨站脚本漏洞

TelegAI is an AI chatbot website from TelegAI, Inc. A cross-site scripting vulnerability exists in TelegAI versions 2025-05-26 and earlier, which stems from an insecure direct object reference that could lead to tampering with other users' conversations and injecting malicious content...

PT-2025-30395 · Typo3 · Femanager

Name of the Vulnerable Software and Affected Versions: femanager versions 6.4.1 and below femanager versions 7.0.0 through 7.5.2 femanager versions 8.0.0 through 8.3.0 Description: The femanager extension for TYPO3 contains an Insecure Direct Object Reference issue, which allows unauthorized...

CVE-2025-51867

Insecure Direct Object Reference IDOR vulnerability in Deepfiction AI deepfiction.ai thru June 3, 2025, allowing attackers to chat with the LLM using other users' credits via sensitive information gained by the /browse/stories endpoint...

PT-2025-30420 · Telegai · Telegai

Name of the Vulnerable Software and Affected Versions: TelegAI versions through 2025-05-26 Description: An Insecure Direct Object Reference IDOR vulnerability exists in the chat component of TelegAI. This allows an attacker to tamper with other users' conversations. Additionally, malicious conten...

TYPO3 powermail 安全漏洞

TYPO3 powermail is a mail form extension for TYPO3 open source. A security vulnerability exists in TYPO3 powermail versions 12.0.0 through 12.5.2 and 13.0.0, which stems from an insecure direct object reference that could lead to the download of arbitrary files from a web server...

TYPO3 femanager 安全漏洞

TYPO3 femanager is a TYPO3 extension to the TYPO3 open source. A security vulnerability exists in TYPO3 femanager versions 6.4.1 and earlier, 7.0.0 to 7.5.2, and 8.0.0 to 8.3.0, which stems from an insecure direct object reference that could lead to unauthorized modification of user data...

CVE-2025-51865

Ai2 playground web service playground.allenai.org LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference IDOR, allowing attackers to gain sensitvie information via enumerating thread keys in the URL...

PT-2025-30423 · Unknown · Ai2 Playground Web Service

Name of the Vulnerable Software and Affected Versions: Ai2 playground web service versions prior to 2025-06-04 Description: The Ai2 playground web service is susceptible to an Insecure Direct Object Reference IDOR issue. This allows attackers to access sensitive information by enumerating thread...

CVE-2025-51867

CVE-2025-51867 affects Deepfiction AI and is an Insecure Direct Object Reference (IDOR) vulnerability exploiting the /browse/stories endpoint to let an attacker chat with the LLM using other users’ credits. Root cause: improper access controls exposing sensitive information tied to user credits. ...

CVE-2025-51869

Insecure Direct Object Reference IDOR vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted spaceid, threadid, and messageid parameters to the v1/space/spaceid/thread/threadid/message/messageid endpoint...

CVE-2025-51868

Insecure Direct Object Reference IDOR vulnerability in Dippy chat.dippy.ai v2 allows attackers to gain sensitive information via the conversationid parameter to the conversationhistory endpoint...

CVE-2025-51868

CVE-2025-51868 describes an Insecure Direct Object Reference (IDOR) in Dippy v2. An attacker can access sensitive information through the conversation_id parameter of the conversation_history endpoint, leading to disclosure of other users’ conversation histories. Affected: Dippy version 2 (chat.d...

Deepfiction AI Insecure Direct Object Reference

Deepfiction AI is an AI entertainment company with a mission to revolutionize personalized storytelling. Deepfiction AI provides a web application to create stories via chat and is susceptible to an insecure direct object reference vulnerability. An attacker can exploit this IDOR to chat with the...

CVE-2025-51869

Insecure Direct Object Reference IDOR vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted spaceid, threadid, and messageid parameters to the v1/space/spaceid/thread/threadid/message/messageid endpoint...

CVE-2025-51868

Insecure Direct Object Reference IDOR vulnerability in Dippy chat.dippy.ai v2 allows attackers to gain sensitive information via the conversationid parameter to the conversationhistory endpoint...

PT-2025-30339 · Dippy · Dippy

Name of the Vulnerable Software and Affected Versions: Dippy version 2 Description: An Insecure Direct Object Reference IDOR vulnerability exists in Dippy that allows attackers to gain sensitive information. The vulnerability is present in the conversation history API endpoint and is exploitable...

CVE-2025-51868

Insecure Direct Object Reference IDOR vulnerability in Dippy chat.dippy.ai v2 allows attackers to gain sensitive information via the conversationid parameter to the conversationhistory endpoint...