
4443 matches found

RedhatCVE
added 2025/10/17 8:40 a.m., 11 views

CVE-2025-41020

Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'...

CVSS 7.5 | AI score 6.9 | EPSS 0.00313
Exploits 0 | References 1
EUVD
added 2025/10/16 6:30 p.m., 14 views

EUVD-2025-34772

Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to read data...

CVSS 6.5 | AI score 6.2 | EPSS 0.00367
Exploits 1 | References 2
CVE
added 2025/10/16 3:28 p.m., 11 views

CVE-2025-9559

The CVE-2025-9559 entry affects Pega Platform versions 8.7.5 to Infinity 24.2.2, due to an Insecure Direct Object Reference in a user interface component that can only be used to read data. Affected products include Pega Platform as described across multiple sources (NVD, Red Hat, ENISA EUVD, CNN...

CVSS 6.5 | AI score 6.4 | EPSS 0.00367
Exploits 1 | References 1 | Affected Software 1
OSV
added 2025/10/16 8:15 a.m., 2 views

CVE-2025-41020

Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'...

CVSS 7.5 | AI score 5.8 | EPSS 0.00313
Exploits 0 | References 1
NVD
added 2025/10/16 8:15 a.m., 2 views

CVE-2025-41020

Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'...

CVSS 7.5 | EPSS 0.00313
Exploits 0 | References 1
EUVD
added 2025/10/16 7:59 a.m., 3 views

EUVD-2025-34733

Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'...

CVSS 7.1 | AI score 6.4 | EPSS 0.00313
Exploits 0 | References 2
CVE
added 2025/10/16 7:59 a.m., 8 views

CVE-2025-41020

CVE-2025-41020 affects Sergestec Exito v8.0. An IDOR in /admin/ticket_a4.php (id parameter) allows access to other customers’ data. Root cause: insecure direct object reference. Impact per sources includes HIGH confidentiality impact (CVE metrics: CVSS v3.1 base 7.5, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I...

CVSS 7.5 | AI score 6.5 | EPSS 0.00313
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2025/10/16 5:52 a.m., 9 views

CVE-2025-11176

The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfi_set_thumbnail and qfi_delete_thumbnail AJAX actions due to missing validation on a user-controlled key. This makes it possible for authenticated...

CVSS 4.3 | AI score 5.6 | EPSS 0.0022
Exploits 0 | References 1
CNNVD
added 2025/10/16 12:00 a.m., 5 views

Pega Platform security vulnerability

Pega Platform is an enterprise management platform from Pega Corporation, USA. A security vulnerability exists in Pega Platform versions 8.7.5 through 24.2.2, which stems from an insecure direct object reference in a user interface component and could allow data to be read...

CVSS 6.5 | AI score 6.6 | EPSS 0.00367
Exploits 1 | References 1
Positive Technologies
added 2025/10/16 12:00 a.m., 2 views

PT-2025-42483

Name of the Vulnerable Software and Affected Versions: Pega Platform versions 8.7.5 through 24.2.2. Description: The Pega Platform contains an Insecure Direct Object Reference issue within a user interface component. This issue allows for the reading of data. Recommendations: Update to a version late...

CVSS 6.5 | AI score 5.8 | EPSS 0.00367
Exploits 1 | References 7
Vulnrichment
added 2025/10/15 5:23 a.m., 4 views

CVE-2025-11176 Quick Featured Images <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation

The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfi_set_thumbnail and qfi_delete_thumbnail AJAX actions due to missing validation on a user-controlled key. This makes it possible for authenticated...

CVSS 4.3 | AI score 5.3 | EPSS 0.0022
Exploits 0 | References 3
EUVD
added 2025/10/15 5:23 a.m., 3 views

EUVD-2025-34513

The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfi_set_thumbnail and qfi_delete_thumbnail AJAX actions due to missing validation on a user-controlled key. This makes it possible for authenticated...

CVSS 4.3 | AI score 5.2 | EPSS 0.0022
Exploits 0 | References 4
CVE
added 2025/10/15 5:23 a.m., 9 views

CVE-2025-11176

CVE-2025-11176 affects the WordPress plugin “Quick Featured Images” (versions up to 13.7.2). The vulnerability is an Insecure Direct Object Reference (IDOR) in the qfi_set_thumbnail and qfi_delete_thumbnail AJAX actions caused by missing validation of a user-controlled key. This allows authentica...

CVSS 4.3 | AI score 5.3 | EPSS 0.0022
Exploits 0 | References 3
Patchstack
added 2025/10/15 12:17 a.m., 6 views

WordPress Quick Featured Images plugin <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation vulnerability

Insecure Direct Object Reference to Image Manipulation vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Quick Featured Images versions <= 13.7.2...

CVSS 4.3 | AI score 7 | EPSS 0.0022
Exploits 0 | References 1 | Affected Software 1
CNVD
added 2025/10/15 12:00 a.m., 3 views

Bold Workplanner Insecure Direct Object Reference Vulnerability

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. An insecure direct object reference vulnerability exists in Bold Workplanner versions prior to 2.5.25, which stems from a lack of sufficient validation of user input, and can be...

CVSS 7.1 | AI score 6.8 | EPSS 0.00229
Exploits 0 | References 1
CNVD
added 2025/10/15 12:00 a.m., 4 views

Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24043)

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access basic employee details using an unauthorized internal...

CVSS 7.1 | AI score 6.9 | EPSS 0.00229
Exploits 0 | References 1
CNVD
added 2025/10/15 12:00 a.m., 2 views

Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24041)

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access basic contract details using an unauthorized internal...

CVSS 7.1 | AI score 6.9 | EPSS 0.00229
Exploits 0 | References 1
CNVD
added 2025/10/15 12:00 a.m., 4 views

Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24045)

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access the date of current contract details using an...

CVSS 7.1 | AI score 6.9 | EPSS 0.00229
Exploits 0 | References 1
CNVD
added 2025/10/15 12:00 a.m., 2 views

Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24047)

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access permission lists using unauthorized internal identifie...

CVSS 7.1 | AI score 6.8 | EPSS 0.00288
Exploits 0 | References 1
Positive Technologies
added 2025/10/15 12:00 a.m., 3 views

PT-2025-42230

The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfi_set_thumbnail and qfi_delete_thumbnail AJAX actions due to missing validation on a user-controlled key. This makes it possible for authenticate...

CVSS 4.3 | AI score 5.7 | EPSS 0.0022
Exploits 0 | References 4
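The entries above describe two shapes of the same flaw: a record fetched purely by a client-supplied 'id' (the Exito ticket endpoint), and an authenticated action that modifies an object chosen by a user-controlled key without checking that the caller may modify that particular object (the Quick Featured Images AJAX actions). The PHP below is an added illustration written for this page; it is not code from Exito, the Quick Featured Images plugin, WordPress or any of the listed sources. The ticket store, the customer names and the function names are constructed for the example.

```php
<?php
declare(strict_types=1);

// Added example for this page: hypothetical, self-contained code, NOT from
// Exito, the Quick Featured Images plugin, WordPress or any listed source.
// TICKETS, the customer names and the function names are constructed here.

// Constructed sample data: two customers, each owning one support ticket.
const TICKETS = [
    101 => ['owner' => 'alice', 'subject' => 'Invoice question', 'thumbnail' => 'a.png'],
    102 => ['owner' => 'bob',   'subject' => 'Password reset',   'thumbnail' => 'b.png'],
];

/**
 * Vulnerable read: the record is selected only by the client-supplied id.
 * Any logged-in user who changes id=102 to id=101 reads another customer's
 * ticket. This is the shape of the 'id' parameter flaw in the Exito entries.
 */
function get_ticket_vulnerable(int $id): ?array
{
    return TICKETS[$id] ?? null;
}

/**
 * Hardened read: the lookup is bound to the authenticated principal taken
 * from the session, never from the request. A ticket owned by someone else
 * is reported exactly like a missing ticket, so id enumeration reveals nothing.
 */
function get_ticket_hardened(string $session_user, int $id): ?array
{
    $ticket = TICKETS[$id] ?? null;
    if ($ticket === null || $ticket['owner'] !== $session_user) {
        return null;
    }
    return $ticket;
}

/**
 * Mutating action, the shape of "missing validation on a user-controlled key"
 * in the Quick Featured Images entries: being logged in is not enough, the
 * caller must be allowed to modify THIS object. $check_owner toggles the
 * guard so both behaviours can be compared; the function is pure and returns
 * the resulting store.
 */
function delete_thumbnail(array $store, string $session_user, int $id, bool $check_owner): array
{
    if (!isset($store[$id])) {
        return $store;                    // unknown object: nothing happens
    }
    if ($check_owner && $store[$id]['owner'] !== $session_user) {
        return $store;                    // not the owner: refuse before acting
    }
    $store[$id]['thumbnail'] = null;      // the privileged effect
    return $store;
}

// Demonstration: bob, logged in as himself, supplies alice's ticket id.
$attacker  = 'bob';
$victim_id = 101;

$leaked = get_ticket_vulnerable($victim_id);
$denied = get_ticket_hardened($attacker, $victim_id);
$own    = get_ticket_hardened('alice', $victim_id);
printf("vulnerable read by %s: owner=%s\n", $attacker, $leaked['owner'] ?? 'none');
printf("hardened read by %s: %s\n", $attacker, $denied === null ? 'denied' : 'allowed');
printf("hardened read by alice: subject=%s\n", $own['subject'] ?? 'none');

$unguarded = delete_thumbnail(TICKETS, $attacker, $victim_id, false);
$guarded   = delete_thumbnail(TICKETS, $attacker, $victim_id, true);
printf("unguarded delete: alice's thumbnail=%s\n", $unguarded[$victim_id]['thumbnail'] ?? 'gone');
printf("guarded delete:   alice's thumbnail=%s\n", $guarded[$victim_id]['thumbnail'] ?? 'gone');
```

Run it with `php idor_example.php`. The hardened lookup returns null for both a missing record and a record owned by someone else, so an attacker walking through ids learns nothing about which ids exist, and the ownership guard in delete_thumbnail sits before the privileged effect, which is the check the advisories above describe as missing. In a real application the owner comparison belongs in the data-access layer (a WHERE clause scoped to the session user, or the framework's per-object capability check), not in each endpoint.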