CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2025/09/30 11:13 a.m.•2 views

CVE-2025-41093 Insecure Direct Object Reference in GPS BOLD Workplanner

Cvelist•added 2025/09/30 11:12 a.m.•3 views

CVE-2025-41092 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to time records details using unauthorised internal identifiers...

7.1CVSS0.00229EPSS

Vulnrichment•added 2025/09/30 11:12 a.m.•2 views

CVE-2025-41092 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to time records details using unauthorised internal identifiers...

CVE•added 2025/09/30 11:10 a.m.•11 views

CVE-2025-41091

CVE-2025-41091 concerns Bold Workplanner. Affected: Bold Workplanner prior to version 2.5.25 (4935b438f9b). Issue: Insecure Direct Object Reference (IDOR) due to insufficient input validation, enabling an authenticated user to access calendar details using unauthorized internal identifiers. Impac...

Exploits0References1Affected Software1

Cvelist•added 2025/09/30 11:10 a.m.•3 views

CVE-2025-41091 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...

7.1CVSS0.00229EPSS

Vulnrichment•added 2025/09/30 11:10 a.m.•3 views

CVE-2025-41091 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...

Positive Technologies•added 2025/09/30 12:0 a.m.•4 views

PT-2025-39978

Name of the Vulnerable Software and Affected Versions BOLD Workplanner versions prior to 2.5.25 Description An Insecure Direct Object Reference IDOR issue exists in BOLD Workplanner. The problem stems from insufficient validation of user input, potentially allowing an authenticated user to access...

7.1CVSS6.5AI score0.00229EPSS

Exploits0References3

7.5CVSS6.8AI score0.00316EPSS

Bold Workplanner 安全漏洞

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that stems from the misuse of the Generic Query Web Service, no details of the vulnerability are...

Cvelist•added 2025/09/30 12:0 a.m.•8 views

CVE-2025-56392

An Insecure Direct Object Reference IDOR in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request...

0.00299EPSS

Exploits1References2

Bold Workplanner 安全漏洞

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. An insecure direct object reference vulnerability exists in Bold Workplanner versions prior to 2.5.25, which stems from a lack of sufficient validation of user input, and can be...

Bold Workplanner 安全漏洞

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access functional contract details using an unauthorized...

BOLD Workplanner 安全漏洞

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access calendar details using an unauthorized internal...

Bold Workplanner 安全漏洞

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access basic contract details using an unauthorized internal...

Bold Workplanner 安全漏洞

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access plan counter details using an unauthorized internal...

Bold Workplanner 安全漏洞

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access the date of current contract details using an...

Bold Workplanner 安全漏洞

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access basic employee details using an unauthorized internal...

5.3CVSS6.4AI score0.00263EPSS

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...