CVE-2025-51865

Ai2 playground web service playground.allenai.org LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference IDOR, allowing attackers to gain sensitvie information via enumerating thread keys in the URL...

CVE-2025-51862

Insecure Direct Object Reference IDOR vulnerability in TelegAI telegai.com thru 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper other users' conversation. Additionally, malicious contents and XSS payloads can be injected, leading to phishing attack, user spoofing and...

CVE-2025-51867

Insecure Direct Object Reference IDOR vulnerability in Deepfiction AI deepfiction.ai thru June 3, 2025, allowing attackers to chat with the LLM using other users' credits via sensitive information gained by the /browse/stories endpoint...

GHSA-X769-3CWV-F8HC Powermail extension for TYPO3 allows Insecure Direct Object Reference

The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0...

Femanager extension for TYPO3 allows Insecure Direct Object Reference

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...

Powermail extension for TYPO3 allows Insecure Direct Object Reference

The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0...

GHSA-RC5F-3HFV-JXP2 Femanager extension for TYPO3 allows Insecure Direct Object Reference

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...

CVE-2025-7900

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...

CVE-2025-7899

The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0...

CVE-2025-6585

The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the csremoveprofilecallback function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2025-6585

The WP JobHunt WordPress plugin (versions up to 7.2) is affected by an Insecure Direct Object Reference through the cs_remove_profile_callback() function due to missing validation on a user-controlled key. This allows authenticated attackers with Subscriber-level access or higher to delete accoun...

CVE-2025-6585 WP JobHunt <= 7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Account Deletion

The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the csremoveprofilecallback function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2025-51865

Ai2 playground web service playground.allenai.org LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference IDOR, allowing attackers to gain sensitvie information via enumerating thread keys in the URL...

PT-2025-30418 · Unknown · Deepfiction Ai

Name of the Vulnerable Software and Affected Versions: Deepfiction AI versions prior to June 3, 2025 Description: An Insecure Direct Object Reference IDOR vulnerability exists in Deepfiction AI. This allows attackers to access and utilize other users' credits for interacting with the Large Langua...

CVE-2025-51867

Insecure Direct Object Reference IDOR vulnerability in Deepfiction AI deepfiction.ai thru June 3, 2025, allowing attackers to chat with the LLM using other users' credits via sensitive information gained by the /browse/stories endpoint...

CVE-2025-51862

TelegAI (telegai.com) is affected by an Insecure Direct Object Reference (IDOR) vulnerability in its chat component. Exploitation relies on manipulating the profile_id in chat-related API calls (as evidenced by the GitHub exploit, PT-2025-30420 description, and other reports), enabling an attacke...

CVE-2025-51865

CVE-2025-51865 concerns the Ai2 Playground web service (playground.allenai.org). The vulnerability is an Insecure Direct Object Reference (IDOR) that lets an attacker enumerate thread keys in the URL to gain sensitive information. The CVE is tracked with CVSS 3.1: Network attack, Low attack compl...

Ai2 Playground 安全漏洞

Ai2 Playground is an AI macromodeling website from Ai2 Playground, Inc. A security vulnerability exists in Ai2 Playground versions 2025-06-03 and earlier, which stems from an insecure direct object reference that could lead to access to sensitive information...

TelegAI 跨站脚本漏洞

TelegAI is an AI chatbot website from TelegAI, Inc. A cross-site scripting vulnerability exists in TelegAI versions 2025-05-26 and earlier, which stems from an insecure direct object reference that could lead to tampering with other users' conversations and injecting malicious content...

TYPO3 femanager 安全漏洞

TYPO3 femanager is a TYPO3 extension to the TYPO3 open source. A security vulnerability exists in TYPO3 femanager versions 6.4.1 and earlier, 7.0.0 to 7.5.2, and 8.0.0 to 8.3.0, which stems from an insecure direct object reference that could lead to unauthorized modification of user data...