4464 matches found
CVE-2025-6585
The WP JobHunt WordPress plugin (versions up to 7.2) is affected by an Insecure Direct Object Reference through the cs_remove_profile_callback() function due to missing validation on a user-controlled key. This allows authenticated attackers with Subscriber-level access or higher to delete accoun...
CVE-2025-51867
CVE-2025-51867 affects Deepfiction AI and is an Insecure Direct Object Reference (IDOR) vulnerability exploiting the /browse/stories endpoint to let an attacker chat with the LLM using other users’ credits. Root cause: improper access controls exposing sensitive information tied to user credits. ...
PT-2025-30418 · Unknown · Deepfiction Ai
Name of the Vulnerable Software and Affected Versions: Deepfiction AI versions prior to June 3, 2025 Description: An Insecure Direct Object Reference IDOR vulnerability exists in Deepfiction AI. This allows attackers to access and utilize other users' credits for interacting with the Large Langua...
TYPO3 femanager 安全漏洞
TYPO3 femanager is a TYPO3 extension to the TYPO3 open source. A security vulnerability exists in TYPO3 femanager versions 6.4.1 and earlier, 7.0.0 to 7.5.2, and 8.0.0 to 8.3.0, which stems from an insecure direct object reference that could lead to unauthorized modification of user data...
PT-2025-30420 · Telegai · Telegai
Name of the Vulnerable Software and Affected Versions: TelegAI versions through 2025-05-26 Description: An Insecure Direct Object Reference IDOR vulnerability exists in the chat component of TelegAI. This allows an attacker to tamper with other users' conversations. Additionally, malicious conten...
CVE-2025-51865
Ai2 playground web service playground.allenai.org LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference IDOR, allowing attackers to gain sensitvie information via enumerating thread keys in the URL...
CVE-2025-51865
Ai2 playground web service playground.allenai.org LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference IDOR, allowing attackers to gain sensitvie information via enumerating thread keys in the URL...
Ai2 Playground 安全漏洞
Ai2 Playground is an AI macromodeling website from Ai2 Playground, Inc. A security vulnerability exists in Ai2 Playground versions 2025-06-03 and earlier, which stems from an insecure direct object reference that could lead to access to sensitive information...
CVE-2025-51867
Insecure Direct Object Reference IDOR vulnerability in Deepfiction AI deepfiction.ai thru June 3, 2025, allowing attackers to chat with the LLM using other users' credits via sensitive information gained by the /browse/stories endpoint...
CVE-2025-51862
Insecure Direct Object Reference IDOR vulnerability in TelegAI telegai.com thru 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper other users' conversation. Additionally, malicious contents and XSS payloads can be injected, leading to phishing attack, user spoofing and...
TelegAI 跨站脚本漏洞
TelegAI is an AI chatbot website from TelegAI, Inc. A cross-site scripting vulnerability exists in TelegAI versions 2025-05-26 and earlier, which stems from an insecure direct object reference that could lead to tampering with other users' conversations and injecting malicious content...
CVE-2025-51865
CVE-2025-51865 concerns the Ai2 Playground web service (playground.allenai.org). The vulnerability is an Insecure Direct Object Reference (IDOR) that lets an attacker enumerate thread keys in the URL to gain sensitive information. The CVE is tracked with CVSS 3.1: Network attack, Low attack compl...
WordPress plugin WP JobHunt 输入验证错误漏洞
WordPress WP JobHunt plugin is a companion theme to the WP Job Manager plugin, designed for creating professional job boards. The WordPress WP JobHunt plugin suffers from an input validation error vulnerability that stems from a lack of user control key validation in the csremoveprofilecallback...
PT-2025-30378 · WordPress · Wp Jobhunt
Name of the Vulnerable Software and Affected Versions: WP JobHunt versions prior to 7.3 Description: The WP JobHunt plugin for WordPress is susceptible to an Insecure Direct Object Reference issue in all versions up to and including 7.2, specifically within the cs remove profile callback function...
TYPO3 powermail 安全漏洞
TYPO3 powermail is a mail form extension for TYPO3 open source. A security vulnerability exists in TYPO3 powermail versions 12.0.0 through 12.5.2 and 13.0.0, which stems from an insecure direct object reference that could lead to the download of arbitrary files from a web server...
PT-2025-30395 · Typo3 · Femanager
Name of the Vulnerable Software and Affected Versions: femanager versions 6.4.1 and below femanager versions 7.0.0 through 7.5.2 femanager versions 8.0.0 through 8.3.0 Description: The femanager extension for TYPO3 contains an Insecure Direct Object Reference issue, which allows unauthorized...
CVE-2025-51862
TelegAI (telegai.com) is affected by an Insecure Direct Object Reference (IDOR) vulnerability in its chat component. Exploitation relies on manipulating the profile_id in chat-related API calls (as evidenced by the GitHub exploit, PT-2025-30420 description, and other reports), enabling an attacke...
PT-2025-30423 · Unknown · Ai2 Playground Web Service
Name of the Vulnerable Software and Affected Versions: Ai2 playground web service versions prior to 2025-06-04 Description: The Ai2 playground web service is susceptible to an Insecure Direct Object Reference IDOR issue. This allows attackers to access sensitive information by enumerating thread...
WordPress WP JobHunt plugin <= 7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Account Deletion vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Account Deletion vulnerability discovered by ixec in WordPress Plugin WP JobHunt versions = 7.2...
CVE-2025-51869
Insecure Direct Object Reference IDOR vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted spaceid, threadid, and messageid parameters to the v1/space/spaceid/thread/threadid/message/messageid endpoint...