Lucene search
K

39 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-11967

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.0024EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-11966

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00148EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.21 views

EUVD-2025-11965

Malicious code in bioql PyPI...

3.5CVSS6.6AI score0.00346EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-11968

Malicious code in bioql PyPI...

4.4CVSS6.6AI score0.00237EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2025/07/16 12:0 a.m.8 views

The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of...

9CVSS5.6AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/16 12:0 a.m.5 views

The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform allows a perpetrator to enhance their privileges.

The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform is related to an error in processing authentication keys controlled by users. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

8.5CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/16 12:0 a.m.4 views

The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform allows a hacker to perform a CSRF attack.

The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability may allow a remote attacker to carry out a CSRF attack...

5CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/16 12:0 a.m.22 views

The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform allows a attacker to execute cross-site scripting attacks.

The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform XSS scripting across sites by sending specially crafted...

9.4CVSS5.4AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/27 12:7 a.m.14 views

CVE-2025-46546

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll,...

3.5CVSS7.5AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/27 12:5 a.m.14 views

CVE-2025-46547

In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue...

5.4CVSS7.3AI score0.00148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/27 12:5 a.m.15 views

CVE-2025-46545

In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires...

4.4CVSS6.1AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/27 12:4 a.m.13 views

CVE-2025-46544

In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles...

6.4CVSS7AI score0.0024EPSS
Exploits0References1
NVD
NVD
added 2025/04/25 3:15 a.m.18 views

CVE-2025-46546

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll,...

8.8CVSS0.00346EPSS
Exploits0References4
OSV
OSV
added 2025/04/25 3:15 a.m.8 views

CVE-2025-46545

In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires...

4.8CVSS5.9AI score0.00237EPSS
Exploits0References4
OSV
OSV
added 2025/04/25 3:15 a.m.7 views

CVE-2025-46546

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll,...

8.8CVSS5.8AI score0.00346EPSS
Exploits0References4
NVD
NVD
added 2025/04/25 3:15 a.m.9 views

CVE-2025-46547

In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue...

6.1CVSS0.00148EPSS
Exploits0References4
NVD
NVD
added 2025/04/25 3:15 a.m.17 views

CVE-2025-46545

In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires...

4.8CVSS0.00237EPSS
Exploits0References4
OSV
OSV
added 2025/04/25 3:15 a.m.4 views

CVE-2025-46544

In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References4
NVD
NVD
added 2025/04/25 3:15 a.m.12 views

CVE-2025-46544

In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles...

6.5CVSS0.0024EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/25 12:0 a.m.4 views

Sherpa Orchestrator 安全漏洞

Sherpa Orchestrator is an IT management software from Sherpa for automating IT processes and workflow management. A security vulnerability exists in Sherpa Orchestrator version 141851, which stems from the possibility that a low-privileged user could elevate privileges by creating new users and...

6.5CVSS6.7AI score0.0024EPSS
Exploits0References6
Rows per page
Query Builder