2754 matches found
EUVD-2024-17050
Malicious code in bioql PyPI...
EUVD-2024-46819
Malicious code in bioql PyPI...
EUVD-2024-49815
Malicious code in bioql PyPI...
CVE-2025-43827
Insecure Direct Object Reference IDOR vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported...
CVE-2025-41098
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a misuse of the general enquiry web service...
Kazaar 安全漏洞
Kazaar is a print marketing fulfillment platform from Kazaar, Inc. A security vulnerability exists in Kazaar version 1.25.12 that stems from allowing modification of the order-id parameter, which could lead to an insecure direct object reference attack...
CVE-2025-43827
Insecure Direct Object Reference IDOR vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported...
CVE-2025-41099
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to the list of permissions using unauthorised internal identifiers...
CVE-2025-41095
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to planning counter details using unauthorised internal identifiers...
CVE-2025-41094
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to functional contract details using unauthorised internal identifiers...
CVE-2025-41097
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to basic employee details using unauthorised internal identifiers...
CVE-2025-41093
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to basic contract details using unauthorised internal identifiers...
CVE-2025-41098 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a misuse of the general enquiry web service...
CVE-2025-41098
CVE-2025-41098 affects Bold Workplanner. The issue is an Insecure Direct Object Reference (IDOR) resulting from misuse of the General Enquiry web service, impacting versions prior to 2.5.25 (build 4935b438f9b). Public sources across multiple databases confirm an IDOR vulnerability without exposed...
CVE-2025-41095 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to planning counter details using unauthorised internal identifiers...
CVE-2025-41094 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to functional contract details using unauthorised internal identifiers...
CVE-2025-41094 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to functional contract details using unauthorised internal identifiers...
CVE-2025-41091 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...
PT-2025-40024
Name of the Vulnerable Software and Affected Versions Syaqui Collegetivity version 1.0.0 Description An Insecure Direct Object Reference IDOR exists in the /dashboard/notes API endpoint. This allows attackers to impersonate other users and perform unauthorized actions by sending a specially craft...
PT-2025-39973
Name of the Vulnerable Software and Affected Versions BOLD Workplanner versions prior to 2.5.25 Description An Insecure Direct Object Reference IDOR issue exists in BOLD Workplanner. The problem stems from insufficient validation of user input, potentially allowing an authenticated user to access...