Lucene search
K

345 matches found

OSV
OSV
added 2025/08/21 3:45 p.m.6 views

CVE-2025-55743 UnoPim vulnerable to remote code execution through Arbitrary File upload

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Before 0.2.1, the image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy...

8.6CVSS6.5AI score0.00446EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/08/21 2:26 p.m.9 views

UnoPim vulnerable to remote code execution through Arbitrary File upload

Summary: Affected Functionality: Image upload at User creation Endpoint: /admin/settings/users/create Details The image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy lik...

8.8CVSS6AI score0.00446EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/08/21 2:26 p.m.11 views

GHSA-V22V-XWH7-2VRM UnoPim vulnerable to remote code execution through Arbitrary File upload

Summary: Affected Functionality: Image upload at User creation Endpoint: /admin/settings/users/create Details The image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy lik...

8.6CVSS6AI score0.00446EPSS
Exploits1References4
CVE
CVE
added 2025/07/08 6:42 p.m.24 views

CVE-2025-27367

CVE-2025-27367 affects IBM OpenPages with Watson versions 8.3 through 9.0. The issue is described as improper input validation where an authenticated user can bypass client-side validation for GRC Object fields and craft a payload that allows data to be saved without required fields being stored....

6.5CVSS6.2AI score0.00221EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2025/06/28 10:37 p.m.8 views

Mars: Account Takeover in Password Reset Function

A critical authentication bypass vulnerability was present in the password reset functionality of the website. The vulnerability allowed attackers to take over any user account without requiring access to the victim's phone number or one-time password. The security flaw existed in the...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2025/06/05 1:41 p.m.15 views

CVE-2025-0691

Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation...

0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:47 a.m.13 views

CVE-2024-52008

Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...

8.8CVSS6.8AI score0.00536EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:25 a.m.6 views

CVE-2024-43188

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation...

4.9CVSS6.5AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:40 a.m.7 views

CVE-2023-0581

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...

5.3CVSS6.8AI score0.00734EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:37 a.m.9 views

CVE-2023-35901

IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380...

5.3CVSS6.4AI score0.00394EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:53 p.m.9 views

CVE-2022-46773

IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951...

6.5CVSS6.4AI score0.00503EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:35 p.m.9 views

CVE-2021-43355

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...

9.8CVSS7.1AI score0.00978EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 12:49 a.m.7 views

CVE-2013-1245

The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID...

4CVSS6.6AI score0.00997EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/07 12:24 a.m.21 views

CVE-2025-28168

The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modify a parameter to bypass extension...

9.8CVSS6.5AI score0.00279EPSS
Exploits0References1
NVD
NVD
added 2025/05/05 2:15 p.m.26 views

CVE-2025-28168

The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modify a parameter to bypass extension...

9.8CVSS0.00279EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.6 views

PT-2025-19707 · Outsystems · Outsystems

Name of the Vulnerable Software and Affected Versions: Outsystems versions prior to 3.1.0 Description: The issue arises because file extension and size validations are enforced solely on the client side in the Outsystems Multiple File Upload feature. This allows an attacker to intercept the uploa...

6.4CVSS6.6AI score0.00279EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/05/05 12:0 a.m.14 views

CVE-2025-28168

The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modify a parameter to bypass extension...

6.4CVSS0.00279EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/05 12:0 a.m.6 views

CVE-2025-28168

The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modify a parameter to bypass extension...

6.4CVSS6.5AI score0.00279EPSS
Exploits0References2
CVE
CVE
added 2025/05/05 12:0 a.m.88 views

CVE-2025-28168

The CVE-2025-28168 entry concerns OutSystems’ “Multiple File Upload” add-on component 3.1.0. Affected: the add-on’s file extension and size checks are enforced client-side, allowing an attacker to intercept and modify upload requests to bypass restrictions and upload arbitrary files (unrestricted...

9.8CVSS6.5AI score0.00279EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/05/03 7:15 p.m.3 views

CVE-2025-1838

IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service...

6.5CVSS5.8AI score0.00321EPSS
Exploits0References1
Rows per page
Query Builder