Lucene search
K

487 matches found

CVE
CVE
added 2026/06/30 2:30 p.m.16 views

CVE-2026-48192

CVE-2026-48192 affects Mendix Studio Pro across multiple versions (10.x and 11.x) with a flaw where built project files are not properly validated/sanitized during the build pipeline. An attacker could trick a user into opening and running a specially crafted malicious project locally, potentiall...

6.8CVSS6.1AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53897

Name of the Vulnerable Software and Affected Versions Mendix Studio Pro versions 10.11 through 10.23 Mendix Studio Pro versions prior to 10.24.21 Mendix Studio Pro versions 11.0 through 11.5 Mendix Studio Pro versions prior to 11.6.7 Mendix Studio Pro versions 11.7 through 11.11 Description...

6.8CVSS6.3AI score0.00193EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.11 views

CVE-2026-7891

The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights a...

9.3CVSS5.5AI score0.00272EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 12:31 a.m.13 views

EUVD-2026-28463

The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights a...

9.3CVSS5.8AI score0.00272EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 10:16 p.m.24 views

CVE-2026-7891

A vulnerability has been identified in Mendix Runtime All versions. Mendix documentation for access rules does not adequately describe the special behavior of the System.User entity, leaving developers without sufficient guidance to configure access rules securely. This documentation gap may lead...

9.1CVSS0.00272EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/07 9:7 p.m.10 views

CVE-2026-7891

A vulnerability has been identified in Mendix Runtime All versions. Mendix documentation for access rules does not adequately describe the special behavior of the System.User entity, leaving developers without sufficient guidance to configure access rules securely. This documentation gap may lead...

9.1CVSS6AI score0.00272EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/07 9:7 p.m.57 views

CVE-2026-7891

A vulnerability has been identified in Mendix Runtime All versions. Mendix documentation for access rules does not adequately describe the special behavior of the System.User entity, leaving developers without sufficient guidance to configure access rules securely. This documentation gap may lead...

9.1CVSS0.00272EPSS
Exploits0References3
CVE
CVE
added 2026/05/07 9:7 p.m.31 views

CVE-2026-7891

The CVE-2026-7891 entry documents an authorization misconfiguration in The VerySecureApp (DIVD) built with Mendix Studio Pro 11.8.0 Beta. Anonymous users in the MyFirstModule, tied to the anonymous user role, can access all stored records even when no explicit access rights exist for that role. T...

9.1CVSS6AI score0.00272EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.17 views

PT-2026-38589

Name of the Vulnerable Software and Affected Versions Mendix Studio Pro versions prior to 11.8.0 Beta Description An authorization misconfiguration in the software allows unintended data exposure. Specifically, users with the anonymous user role in the MyFirstModule can gain access to all stored...

9.3CVSS5.8AI score0.00272EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.18 views

Siemens Mendix Studio Pro 安全漏洞

Siemens Mendix Studio Pro is a visualization model-driven IDE developed by the German company Siemens. Versions of Siemens Mendix Studio Pro 11.8.0 Beta and earlier contained security vulnerabilities. These vulnerabilities were caused by incorrect authorization configurations, which could allow...

9.3CVSS5.8AI score0.00272EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/10 12:0 a.m.2 views

Siemens Mendix Application Authorization Misconfiguration Vulnerability

Siemens Mendix is a low-code application development platform from Siemens. An authorization misconfiguration vulnerability exists in the Siemens Mendix application, which can be exploited by an attacker to obtain sensitive information...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 11:30 a.m.8 views

CVE-2021-27394

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.19, Mendix Applications using Mendix 8 All versions V8.17.0, Mendix Applications using Mendix 8 V8.12 All versions V8.12.5, Mendix Applications using Mendix 8 V8.6 All versions V8.6.9, Mendix Applications...

8.8CVSS7AI score0.00804EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.9 views

CVE-2021-33718

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.22, Mendix Applications using Mendix 8 All versions V8.18.7, Mendix Applications using Mendix 9 All versions V9.3.0. Write access checks of attributes of an object could be bypassed, if user has a write...

5.3CVSS6.7AI score0.00581EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.7 views

CVE-2021-33712

A vulnerability has been identified in Mendix SAML Module All versions V2.1.2. The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate privileges...

8.8CVSS6.7AI score0.00604EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.7 views

CVE-2021-31341

Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module All versions prior to v7.0.1...

4.3CVSS6.5AI score0.00721EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:58 a.m.22 views

CVE-2025-40571

A vulnerability has been identified in Mendix OIDC SSO Mendix 10.12 compatible All versions V4.0.1, Mendix OIDC SSO Mendix 9 compatible All versions V3.3.1, Mendix OIDC SSO V4.2 Mendix 10 compatible All versions V4.2.1, Mendix OIDC SSO V4.3 Mendix 10 compatible All versions. The Mendix OIDC SSO...

2.2CVSS5.7AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.7 views

CVE-2022-37011

A vulnerability has been identified in Mendix SAML Mendix 7 compatible All versions V1.17.0, Mendix SAML Mendix 8 compatible All versions V2.3.0, Mendix SAML Mendix 9 compatible, New Track All versions V3.3.1, Mendix SAML Mendix 9 compatible, Upgrade Track All versions V3.3.0. Affected versions o...

9.8CVSS7AI score0.01046EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:43 a.m.9 views

CVE-2022-26313

A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1. In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts...

9.8CVSS6.8AI score0.00953EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:42 a.m.11 views

CVE-2022-26317

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.29. When returning the result of a completed Microflow execution call the affected framework does not correctly verify, if the request was initially made by the user requesting the result. Together with...

6.5CVSS6.7AI score0.0092EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:42 a.m.13 views

CVE-2022-26314

A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1, Mendix Forgot Password Appstore module Mendix 7 compatible All versions V3.2.2. Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to...

9.8CVSS6.9AI score0.01437EPSS
Exploits1References1
Rows per page
Query Builder