CVE-2025-41097 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to basic employee details using unauthorised internal identifiers...

CVE-2025-41097

CVE-2025-41097 affects Bold Workplanner, an enterprise HR software. The issue is an insecure direct object reference (IDOR) caused by insufficient validation of user input, allowing an authenticated user to access basic employee details using unauthorized internal identifiers. This vulnerability ...

CVE-2025-41096

Summary: CVE-2025-41096 is an Insecure Direct Object Reference (IDOR) in Bold Workplanner, affecting versions prior to 2.5.25. The vulnerability arises from insufficient validation of user input, allowing an authenticated user to access the dates of current contract details using unauthorized int...

CVE-2025-41096 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to the dates of the current contract details using unauthorised internal identifiers...

CVE-2025-41096 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to the dates of the current contract details using unauthorised internal identifiers...

CVE-2025-41095 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to planning counter details using unauthorised internal identifiers...

CVE-2025-41095 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to planning counter details using unauthorised internal identifiers...

CVE-2025-41094 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to functional contract details using unauthorised internal identifiers...

CVE-2025-41094 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to functional contract details using unauthorised internal identifiers...

CVE-2025-41093 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to basic contract details using unauthorised internal identifiers...

CVE-2025-41092 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to time records details using unauthorised internal identifiers...

CVE-2025-41091

CVE-2025-41091 concerns Bold Workplanner. Affected: Bold Workplanner prior to version 2.5.25 (4935b438f9b). Issue: Insecure Direct Object Reference (IDOR) due to insufficient input validation, enabling an authenticated user to access calendar details using unauthorized internal identifiers. Impac...

CVE-2025-41091 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...

CVE-2025-41091 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...

CVE-2025-56392

An Insecure Direct Object Reference IDOR in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

PT-2025-39978

Name of the Vulnerable Software and Affected Versions BOLD Workplanner versions prior to 2.5.25 Description An Insecure Direct Object Reference IDOR issue exists in BOLD Workplanner. The problem stems from insufficient validation of user input, potentially allowing an authenticated user to access...

Bold Workplanner 安全漏洞

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access plan counter details using an unauthorized internal...

BOLD Workplanner 安全漏洞

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access calendar details using an unauthorized internal...

PT-2025-39973

Name of the Vulnerable Software and Affected Versions BOLD Workplanner versions prior to 2.5.25 Description An Insecure Direct Object Reference IDOR issue exists in BOLD Workplanner. The problem stems from insufficient validation of user input, potentially allowing an authenticated user to access...