4435 matches found
TYPO3 powermail 安全漏洞
TYPO3 powermail is a mail form extension for TYPO3 open source. A security vulnerability exists in TYPO3 powermail versions 12.0.0 through 12.5.2 and 13.0.0, which stems from an insecure direct object reference that could lead to the download of arbitrary files from a web server...
WordPress plugin WP JobHunt 输入验证错误漏洞
WordPress WP JobHunt plugin is a companion theme to the WP Job Manager plugin, designed for creating professional job boards. The WordPress WP JobHunt plugin suffers from an input validation error vulnerability that stems from a lack of user control key validation in the csremoveprofilecallback...
CVE-2025-51862
Insecure Direct Object Reference IDOR vulnerability in TelegAI telegai.com thru 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper other users' conversation. Additionally, malicious contents and XSS payloads can be injected, leading to phishing attack, user spoofing and...
CVE-2025-51865
Ai2 playground web service playground.allenai.org LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference IDOR, allowing attackers to gain sensitvie information via enumerating thread keys in the URL...
PT-2025-30378 · WordPress · Wp Jobhunt
Name of the Vulnerable Software and Affected Versions: WP JobHunt versions prior to 7.3 Description: The WP JobHunt plugin for WordPress is susceptible to an Insecure Direct Object Reference issue in all versions up to and including 7.2, specifically within the cs remove profile callback function...
PT-2025-30420 · Telegai · Telegai
Name of the Vulnerable Software and Affected Versions: TelegAI versions through 2025-05-26 Description: An Insecure Direct Object Reference IDOR vulnerability exists in the chat component of TelegAI. This allows an attacker to tamper with other users' conversations. Additionally, malicious conten...
PT-2025-30395 · Typo3 · Femanager
Name of the Vulnerable Software and Affected Versions: femanager versions 6.4.1 and below femanager versions 7.0.0 through 7.5.2 femanager versions 8.0.0 through 8.3.0 Description: The femanager extension for TYPO3 contains an Insecure Direct Object Reference issue, which allows unauthorized...
PT-2025-30423 · Unknown · Ai2 Playground Web Service
Name of the Vulnerable Software and Affected Versions: Ai2 playground web service versions prior to 2025-06-04 Description: The Ai2 playground web service is susceptible to an Insecure Direct Object Reference IDOR issue. This allows attackers to access sensitive information by enumerating thread...
CVE-2025-51867
CVE-2025-51867 affects Deepfiction AI and is an Insecure Direct Object Reference (IDOR) vulnerability exploiting the /browse/stories endpoint to let an attacker chat with the LLM using other users’ credits. Root cause: improper access controls exposing sensitive information tied to user credits. ...
CVE-2025-51868
Insecure Direct Object Reference IDOR vulnerability in Dippy chat.dippy.ai v2 allows attackers to gain sensitive information via the conversationid parameter to the conversationhistory endpoint...
CVE-2025-51869
Insecure Direct Object Reference IDOR vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted spaceid, threadid, and messageid parameters to the v1/space/spaceid/thread/threadid/message/messageid endpoint...
CVE-2025-51868
CVE-2025-51868 describes an Insecure Direct Object Reference (IDOR) in Dippy v2. An attacker can access sensitive information through the conversation_id parameter of the conversation_history endpoint, leading to disclosure of other users’ conversation histories. Affected: Dippy version 2 (chat.d...
Deepfiction AI Insecure Direct Object Reference
Deepfiction AI is an AI entertainment company with a mission to revolutionize personalized storytelling. Deepfiction AI provides a web application to create stories via chat and is susceptible to an insecure direct object reference vulnerability. An attacker can exploit this IDOR to chat with the...
ChatPlayground.ai Cross Site Scripting / Insecure Direct Object Reference
ChatPlayground.ai is a popular web application for comparing AI models. A cross site scripting vulnerability exists in the chat component. This can lead to JWT token theft and remote account hijacking. Additionally, the /api/chat-history endpoint exhibits weak access control allowing for insecure...
CVE-2025-51868
Insecure Direct Object Reference IDOR vulnerability in Dippy chat.dippy.ai v2 allows attackers to gain sensitive information via the conversationid parameter to the conversationhistory endpoint...
CVE-2025-51868
Insecure Direct Object Reference IDOR vulnerability in Dippy chat.dippy.ai v2 allows attackers to gain sensitive information via the conversationid parameter to the conversationhistory endpoint...
CVE-2025-51869
Insecure Direct Object Reference IDOR vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted spaceid, threadid, and messageid parameters to the v1/space/spaceid/thread/threadid/message/messageid endpoint...
PT-2025-30339 · Dippy · Dippy
Name of the Vulnerable Software and Affected Versions: Dippy version 2 Description: An Insecure Direct Object Reference IDOR vulnerability exists in Dippy that allows attackers to gain sensitive information. The vulnerability is present in the conversation history API endpoint and is exploitable...
CVE-2025-5816
The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.0 via the getorderdetail due to missing validation on a user controlled key. This makes it possible for...
Exploit for CVE-2025-51862
CVE-2025-51862 Vulnerability description TelegAI, a web...