4435 matches found
PT-2025-39974
Name of the Vulnerable Software and Affected Versions BOLD Workplanner versions prior to 2.5.25 Description An Insecure Direct Object Reference IDOR issue exists in BOLD Workplanner. The problem stems from insufficient validation of user input, potentially allowing an authenticated user to access...
PT-2025-39977
Name of the Vulnerable Software and Affected Versions BOLD Workplanner versions prior to 2.5.25 Description An Insecure Direct Object Reference IDOR issue exists in BOLD Workplanner. The problem stems from insufficient validation of user input, potentially allowing an authenticated user to access...
PT-2025-39972
Name of the Vulnerable Software and Affected Versions BOLD Workplanner versions prior to 2.5.25 Description An Insecure Direct Object Reference IDOR issue exists in BOLD Workplanner. The problem stems from insufficient validation of user input, potentially allowing an authenticated user to access...
PT-2025-39975
Name of the Vulnerable Software and Affected Versions BOLD Workplanner versions prior to 2.5.25 Description An Insecure Direct Object Reference IDOR issue exists in BOLD Workplanner. The problem stems from insufficient validation of user input, potentially allowing an authenticated user to access...
PT-2025-39980
Name of the Vulnerable Software and Affected Versions BOLD Workplanner versions prior to 2.5.25 Description An Insecure Direct Object Reference IDOR issue exists in BOLD Workplanner. The issue involves a misuse of the general enquiry web service. Recommendations Update to version 2.5.25 or later...
PT-2025-40020
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.117 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.10 Liferay DXP versions 2024.Q1.1 through 2024.Q1.5 Liferay Portal 7.4 GA through update 92 Older...
PT-2025-39976
Name of the Vulnerable Software and Affected Versions BOLD Workplanner versions prior to 2.5.25 Description An Insecure Direct Object Reference IDOR issue exists in BOLD Workplanner. The problem stems from insufficient validation of user input, potentially allowing an authenticated user to access...
CVE-2025-43810
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-55886
An Insecure Direct Object Reference IDOR vulnerability was discovered in ARD. The flaw exists in the feuid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization...
proofcraft
PocGEN - Proof of Concept Generator A Python command-line too...
GHSA-F372-9RCJ-8W2C Liferay Portal and DXP allows users to add a note to a different virtual instance
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
Liferay Portal and DXP allows users to add a note to a different virtual instance
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-43810
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-43810
CVE-2025-43810 affects Liferay Portal and Liferay DXP, where an insecure direct object reference via the parameter _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId allows a remote authenticated user to add a note to an order in a different virtual instance. Af...
CVE-2025-43810
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-57994
Technical details are not publicly available in the provided documents for CVE-2025-57994 (Upcoming Events Lists). Monitor for updates and rely on official advisories for affected versions, impact, and fixes.
CVE-2025-55886
An Insecure Direct Object Reference IDOR vulnerability was discovered in ARD. The flaw exists in the feuid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization...
PT-2025-39087
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.5 through 7.4.3.112 Liferay DXP versions 2023.Q4.0 through 2023.Q4.8 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay versions 7.4 GA through update 92 Description An Insecure Direct Object Reference IDOR...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
ARD GEC en Ligne 安全漏洞
ARD GEC en Ligne is an online service portal of ARD France. A security vulnerability exists in ARD GEC en Ligne that stems from an insecure direct object reference to the feuid parameter in the payment history API endpoint, which could lead to unauthorized access to another user's payment history...