CVE-2025-41098 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a misuse of the general enquiry web service...

CVE-2025-41098 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a misuse of the general enquiry web service...

CVE-2025-41099

CVE-2025-41099 describes an insecure direct object reference in Bold Workplanner before version 2.5.25 (build 4935b438f9b). The issue arises from insufficient input validation, allowing an authenticated user to access the internal list of permissions using unauthorized internal identifiers, with ...

CVE-2025-41097

CVE-2025-41097 affects Bold Workplanner, an enterprise HR software. The issue is an insecure direct object reference (IDOR) caused by insufficient validation of user input, allowing an authenticated user to access basic employee details using unauthorized internal identifiers. This vulnerability ...

CVE-2025-41095

CVE-2025-41095 affects Bold Workplanner. Affected: versions prior to 2.5.25 (4935b438f9b). Issue: insecure direct object reference (IDOR) due to insufficient validation of user input, enabling an authenticated user to access planning counter details via unauthorized internal identifiers. Impact d...

CVE-2025-41094 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to functional contract details using unauthorised internal identifiers...

CVE-2025-41093

CVE-2025-41093 affects Bold Workplanner prior to version 2.5.25. The issue is an insecure direct object reference (IDOR) caused by inadequate validation of user input, allowing an authenticated user to access basic contract details via unauthorized internal identifiers. Remediation: update to ver...