39 matches found
EUVD-2025-11967
Malicious code in bioql PyPI...
EUVD-2025-11966
Malicious code in bioql PyPI...
EUVD-2025-11965
Malicious code in bioql PyPI...
EUVD-2025-11968
Malicious code in bioql PyPI...
The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of...
The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform allows a perpetrator to enhance their privileges.
The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform is related to an error in processing authentication keys controlled by users. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform allows a hacker to perform a CSRF attack.
The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability may allow a remote attacker to carry out a CSRF attack...
The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform allows a attacker to execute cross-site scripting attacks.
The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform XSS scripting across sites by sending specially crafted...
CVE-2025-46546
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll,...
CVE-2025-46547
In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue...
CVE-2025-46545
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires...
CVE-2025-46544
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles...
CVE-2025-46546
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll,...
CVE-2025-46545
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires...
CVE-2025-46546
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll,...
CVE-2025-46547
In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue...
CVE-2025-46545
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires...
CVE-2025-46544
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles...
CVE-2025-46544
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles...
Sherpa Orchestrator 安全漏洞
Sherpa Orchestrator is an IT management software from Sherpa for automating IT processes and workflow management. A security vulnerability exists in Sherpa Orchestrator version 141851, which stems from the possibility that a low-privileged user could elevate privileges by creating new users and...