4435 matches found
CVE-2025-41098
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a misuse of the general enquiry web service...
CVE-2025-41093
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to basic contract details using unauthorised internal identifiers...
CVE-2025-41092
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to time records details using unauthorised internal identifiers...
CVE-2025-41091
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...
CVE-2025-41091
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...
CVE-2025-41098 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a misuse of the general enquiry web service...
CVE-2025-41098 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a misuse of the general enquiry web service...
CVE-2025-41099
CVE-2025-41099 describes an insecure direct object reference in Bold Workplanner before version 2.5.25 (build 4935b438f9b). The issue arises from insufficient input validation, allowing an authenticated user to access the internal list of permissions using unauthorized internal identifiers, with ...
CVE-2025-41099 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to the list of permissions using unauthorised internal identifiers...
CVE-2025-41099 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to the list of permissions using unauthorised internal identifiers...
CVE-2025-41097
CVE-2025-41097 affects Bold Workplanner, an enterprise HR software. The issue is an insecure direct object reference (IDOR) caused by insufficient validation of user input, allowing an authenticated user to access basic employee details using unauthorized internal identifiers. This vulnerability ...
CVE-2025-41097 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to basic employee details using unauthorised internal identifiers...
CVE-2025-41096
Summary: CVE-2025-41096 is an Insecure Direct Object Reference (IDOR) in Bold Workplanner, affecting versions prior to 2.5.25. The vulnerability arises from insufficient validation of user input, allowing an authenticated user to access the dates of current contract details using unauthorized int...
CVE-2025-41096 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to the dates of the current contract details using unauthorised internal identifiers...
CVE-2025-41096 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to the dates of the current contract details using unauthorised internal identifiers...
CVE-2025-41095 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to planning counter details using unauthorised internal identifiers...
CVE-2025-41095 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to planning counter details using unauthorised internal identifiers...
CVE-2025-41094
The CVE-2025-41094 issue affects Bold Workplanner. An Insecure Direct Object Reference (IDOR) exists in versions prior to 2.5.25 (4935b438f9b) due to insufficient input validation, enabling an authenticated user to access functional contract details via unauthorized internal identifiers. Multiple...
CVE-2025-41094 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to functional contract details using unauthorised internal identifiers...
CVE-2025-41093
CVE-2025-41093 affects Bold Workplanner prior to version 2.5.25. The issue is an insecure direct object reference (IDOR) caused by inadequate validation of user input, allowing an authenticated user to access basic contract details via unauthorized internal identifiers. Remediation: update to ver...