CVE-2025-41091

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...

CVE-2025-41098 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a misuse of the general enquiry web service...

CVE-2025-41094

The CVE-2025-41094 issue affects Bold Workplanner. An Insecure Direct Object Reference (IDOR) exists in versions prior to 2.5.25 (4935b438f9b) due to insufficient input validation, enabling an authenticated user to access functional contract details via unauthorized internal identifiers. Multiple...

CVE-2025-41093

CVE-2025-41093 affects Bold Workplanner prior to version 2.5.25. The issue is an insecure direct object reference (IDOR) caused by inadequate validation of user input, allowing an authenticated user to access basic contract details via unauthorized internal identifiers. Remediation: update to ver...

CVE-2025-41093 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to basic contract details using unauthorised internal identifiers...

CVE-2025-41092 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to time records details using unauthorised internal identifiers...

Bold Workplanner 安全漏洞

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that stems from the misuse of the Generic Query Web Service, no details of the vulnerability are...

Bold Workplanner 安全漏洞

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access basic employee details using an unauthorized internal...

PT-2025-40020

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.117 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.10 Liferay DXP versions 2024.Q1.1 through 2024.Q1.5 Liferay Portal 7.4 GA through update 92 Older...

CVE-2025-43803

Insecure direct object reference IDOR vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...

CVE-2025-43803

The CVE-2025-43803 case affects Liferay Portal and Liferay DXP where the Contacts Center widget directly exposes the entryId parameter (_com_liferay_contacts_web_portlet_ContactsCenterPortlet_entryId) leading to an Insecure Direct Object Reference (IDOR). Affected versions include Liferay Portal ...

CVE-2025-10719

Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files...

CVE-2025-10719 WisdomGarden｜Tronclass - Insecure Direct Object Reference

Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files...

PT-2025-38612

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.119 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.6 Liferay Portal versions 7.4 GA through update 92 Description An insecure direct object reference...

CVE-2025-10493

The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in version 1.3.4 and below via the quiz submission and completion mechanisms due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to hijack and modify other...

PT-2025-38302

Name of the Vulnerable Software and Affected Versions Chained Quiz plugin for WordPress versions 1.3.4 and below Description The Chained Quiz plugin for WordPress is susceptible to an Insecure Direct Object Reference issue in versions 1.3.4 and below. This flaw resides in the quiz submission and...

CVE-2025-43790

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to access, create, edit, relate...

CVE-2025-43790

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to access, create, edit, relate...

PT-2025-37254

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.124 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 2024.Q2.0 through 2024.Q2.6 Description: An Insecure Direct Object Reference IDOR vulnerability exists. This allows remote...

CVE-2025-52389

CVE-2025-52389 describes an Insecure Direct Object Reference (IDOR) in the application "Envasadora H2O Eireli - Soda Cristal" version v40.20.4 . The vulnerability allows authenticated attackers to access sensitive data belonging to other users through a crafted HTTP request. The issue’s CVSS v3.1...