2754 matches found
CVE-2025-51868
Insecure Direct Object Reference IDOR vulnerability in Dippy chat.dippy.ai v2 allows attackers to gain sensitive information via the conversationid parameter to the conversationhistory endpoint...
CVE-2025-51865
Ai2 playground web service playground.allenai.org LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference IDOR, allowing attackers to gain sensitvie information via enumerating thread keys in the URL...
CVE-2025-51862
Insecure Direct Object Reference IDOR vulnerability in TelegAI telegai.com thru 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper other users' conversation. Additionally, malicious contents and XSS payloads can be injected, leading to phishing attack, user spoofing and...
CVE-2025-51867
Insecure Direct Object Reference IDOR vulnerability in Deepfiction AI deepfiction.ai thru June 3, 2025, allowing attackers to chat with the LLM using other users' credits via sensitive information gained by the /browse/stories endpoint...
Femanager extension for TYPO3 allows Insecure Direct Object Reference
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...
Powermail extension for TYPO3 allows Insecure Direct Object Reference
The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0...
GHSA-RC5F-3HFV-JXP2 Femanager extension for TYPO3 allows Insecure Direct Object Reference
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...
GHSA-X769-3CWV-F8HC Powermail extension for TYPO3 allows Insecure Direct Object Reference
The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0...
CVE-2025-7899
The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0...
CVE-2025-7900
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...
CVE-2025-6585
The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the csremoveprofilecallback function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-6585
The WP JobHunt WordPress plugin (versions up to 7.2) is affected by an Insecure Direct Object Reference through the cs_remove_profile_callback() function due to missing validation on a user-controlled key. This allows authenticated attackers with Subscriber-level access or higher to delete accoun...
CVE-2025-51862
TelegAI (telegai.com) is affected by an Insecure Direct Object Reference (IDOR) vulnerability in its chat component. Exploitation relies on manipulating the profile_id in chat-related API calls (as evidenced by the GitHub exploit, PT-2025-30420 description, and other reports), enabling an attacke...
PT-2025-30418 · Unknown · Deepfiction Ai
Name of the Vulnerable Software and Affected Versions: Deepfiction AI versions prior to June 3, 2025 Description: An Insecure Direct Object Reference IDOR vulnerability exists in Deepfiction AI. This allows attackers to access and utilize other users' credits for interacting with the Large Langua...
PT-2025-30423 · Unknown · Ai2 Playground Web Service
Name of the Vulnerable Software and Affected Versions: Ai2 playground web service versions prior to 2025-06-04 Description: The Ai2 playground web service is susceptible to an Insecure Direct Object Reference IDOR issue. This allows attackers to access sensitive information by enumerating thread...
PT-2025-30378 · WordPress · Wp Jobhunt
Name of the Vulnerable Software and Affected Versions: WP JobHunt versions prior to 7.3 Description: The WP JobHunt plugin for WordPress is susceptible to an Insecure Direct Object Reference issue in all versions up to and including 7.2, specifically within the cs remove profile callback function...
CVE-2025-51865
Ai2 playground web service playground.allenai.org LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference IDOR, allowing attackers to gain sensitvie information via enumerating thread keys in the URL...
CVE-2025-51867
Insecure Direct Object Reference IDOR vulnerability in Deepfiction AI deepfiction.ai thru June 3, 2025, allowing attackers to chat with the LLM using other users' credits via sensitive information gained by the /browse/stories endpoint...
CVE-2025-51862
Insecure Direct Object Reference IDOR vulnerability in TelegAI telegai.com thru 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper other users' conversation. Additionally, malicious contents and XSS payloads can be injected, leading to phishing attack, user spoofing and...
CVE-2025-51865
CVE-2025-51865 concerns the Ai2 Playground web service (playground.allenai.org). The vulnerability is an Insecure Direct Object Reference (IDOR) that lets an attacker enumerate thread keys in the URL to gain sensitive information. The CVE is tracked with CVSS 3.1: Network attack, Low attack compl...