CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Discourse vulnerability CVE-2025-58055 affects version 3.5.0 and earlier, where AI suggestion endpoints for Title, Category, and Tags can disclose information from restricted topics by altering topic_id in API requests. The root cause is improper access control at the AI helper endpoints, enablin...

4.3CVSS5.8AI score0.00232EPSS

Exploits0References4Affected Software1

NVD•added 2025/10/01 3:15 p.m.•2 views

CVE-2025-59687

IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...

4.3CVSS0.00195EPSS

Exploits0References2

RedhatCVE•added 2025/10/01 11:17 a.m.•3 views

CVE-2025-41095

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to planning counter details using unauthorised internal identifiers...

7.1CVSS6.6AI score0.00229EPSS

Exploits0References1

Vulnrichment•added 2025/10/01 12:0 a.m.•3 views

CVE-2025-59687

IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...

6.6AI score0.00195EPSS

Exploits0References2

OSV•added 2025/09/30 11:37 a.m.•1 views

CVE-2025-41098

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a misuse of the general enquiry web service...

7.5CVSS5.8AI score0.00316EPSS

Exploits0References1

NVD•added 2025/09/30 11:37 a.m.•2 views

CVE-2025-41095

7.1CVSS0.00229EPSS

Exploits0References1

NVD•added 2025/09/30 11:37 a.m.•2 views

CVE-2025-41098

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a misuse of the general enquiry web service...

7.5CVSS0.00316EPSS

Exploits0References1

OSV•added 2025/09/30 11:37 a.m.•3 views

CVE-2025-41092

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to time records details using unauthorised internal identifiers...

4.3CVSS5.8AI score0.00229EPSS

Exploits0References1

OSV•added 2025/09/30 11:37 a.m.•2 views

CVE-2025-41093

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to basic contract details using unauthorised internal identifiers...

4.3CVSS5.8AI score0.00229EPSS

Exploits0References1

NVD•added 2025/09/30 11:37 a.m.•3 views

CVE-2025-41091

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...

7.1CVSS0.00229EPSS

Exploits0References1

Cvelist•added 2025/09/30 11:18 a.m.•4 views

CVE-2025-41098 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a misuse of the general enquiry web service...

7.1CVSS0.00316EPSS

Exploits0References1

CVE•added 2025/09/30 11:14 a.m.•11 views

CVE-2025-41094

The CVE-2025-41094 issue affects Bold Workplanner. An Insecure Direct Object Reference (IDOR) exists in versions prior to 2.5.25 (4935b438f9b) due to insufficient input validation, enabling an authenticated user to access functional contract details via unauthorized internal identifiers. Multiple...

7.1CVSS6.3AI score0.00229EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/09/30 11:13 a.m.•2 views

CVE-2025-41093 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to basic contract details using unauthorised internal identifiers...

7.1CVSS6.3AI score0.00229EPSS

Exploits0References1

CVE•added 2025/09/30 11:13 a.m.•11 views

CVE-2025-41093

CVE-2025-41093 affects Bold Workplanner prior to version 2.5.25. The issue is an insecure direct object reference (IDOR) caused by inadequate validation of user input, allowing an authenticated user to access basic contract details via unauthorized internal identifiers. Remediation: update to ver...

7.1CVSS6.3AI score0.00229EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/09/30 11:12 a.m.•2 views

CVE-2025-41092 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to time records details using unauthorised internal identifiers...

7.1CVSS6.3AI score0.00229EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by