Lucene search
+L

345 matches found

osv
osv
added 2024/03/25 7:37 p.m.19 views

GHSA-246P-XMG8-WMCQ OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation

Summary A security vulnerability exists in oneuptime's local storage handling, where a regular user can escalate privileges by modifying the ismasteradmin key to true. This allows unauthorized access to administrative functionalities. Details The vulnerability lies in the improper validation of...

8.3CVSS8.3AI score0.00702EPSS
Exploits1References4
huntr
huntr
added 2023/08/15 6:18 a.m.12 views

Weak Password Requirements

Weak password requirements are password policies that are too lax and allow users to create passwords that are easy to guess or crack. This can make it easier for attackers to gain unauthorized access to accounts and systems. It was discovered that the validation takes place only on the client si...

7.4AI score
Exploits0References1
nvd
nvd
added 2023/07/17 12:15 a.m.26 views

CVE-2023-35901

IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380...

5.3CVSS0.00454EPSS
Exploits0References2
prion
prion
added 2023/07/17 12:15 a.m.24 views

Input validation

IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380...

5CVSS5.2AI score0.00454EPSS
Exploits0References2Affected Software3
cvelist
cvelist
added 2023/07/16 11:31 p.m.28 views

CVE-2023-35901 IBM Robotic Process Automation security bypass

IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380...

2.7CVSS5.4AI score0.00454EPSS
Exploits0References2
cve
cve
added 2023/07/16 11:31 p.m.69 views

CVE-2023-35901

IBM Robotic Process Automation (RPA) is affected by CVE-2023-35901 due to a client-side validation bypass in specific builds. Affected versions include IBM RPA 21.0.0–21.0.7.6 and 23.0.0–23.0.6. The underlying issue allows invalid changes or values to be accepted in certain fields via the client-...

5.3CVSS4.4AI score0.00454EPSS
Exploits0References2Affected Software3
ibm
ibm
added 2023/07/15 2:52 p.m.32 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to client side validation bypass (CVE-2023-35901)

Summary IBM Robotic Process Automation is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. CVE-2023-35901 Vulnerability Details CVEID:CVE-2023-35901 DESCRIPTION: IBM Robotic Process Automation is vulnerable to client side validation bypass...

5.3CVSS4.7AI score0.00454EPSS
Exploits0Affected Software1
cnnvd
cnnvd
added 2023/03/17 12:0 a.m.22 views

Medicine Tracker System 跨站脚本漏洞

Medicine Tracker System is a drug tracking system by the individual developer Carlo Montero. A cross-site scripting vulnerability exists in Medicine Tracker System. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...

6.1CVSS4.9AI score0.00388EPSS
Exploits0References3
osv
osv
added 2023/03/15 8:15 p.m.7 views

CVE-2022-46773

IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951...

6.5CVSS5.8AI score0.00503EPSS
Exploits0References2
nvd
nvd
added 2023/03/15 8:15 p.m.24 views

CVE-2022-46773

IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951...

6.5CVSS5.3AI score0.00503EPSS
Exploits0References2
prion
prion
added 2023/03/15 8:15 p.m.21 views

Input validation

IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951...

4CVSS6.3AI score0.00503EPSS
Exploits0References2Affected Software3
vulnrichment
vulnrichment
added 2023/03/15 7:57 p.m.10 views

CVE-2022-46773 IBM Robotic Process Automation security bypass

IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951...

4.3CVSS6.3AI score0.00503EPSS
Exploits0References2
cve
cve
added 2023/03/15 7:57 p.m.66 views

CVE-2022-46773

IBM Robotic Process Automation (IBM RPA) versions 21.0.0–21.0.7 and 23.0.0 are affected by a client-side validation bypass in credential pools, which may allow creation of invalid credential pools. The issue’s root cause is client-side validation bypass for credential pools; impact is potential m...

6.5CVSS5.3AI score0.00503EPSS
Exploits0References2Affected Software3
ptsecurity
ptsecurity
added 2023/03/15 12:0 a.m.4 views

PT-2023-15023 · Ibm · Ibm Robotic Process Automation

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 21.0.0 through 21.0.7 IBM Robotic Process Automation version 23.0.0 Description: The issue concerns a client-side validation bypass for credential pools, which may result in the creation of invalid...

6.5CVSS6.4AI score0.00503EPSS
Exploits0References7
osv
osv
added 2023/01/30 3:15 p.m.5 views

CVE-2023-0581

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...

5.3CVSS6.6AI score0.00734EPSS
Exploits0References2
attackerkb
attackerkb
added 2023/01/30 3:15 p.m.3 views

CVE-2023-0581

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...

5.3CVSS6.6AI score0.00734EPSS
Exploits0References3
prion
prion
added 2023/01/30 3:15 p.m.21 views

Design/Logic Flaw

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...

5CVSS5.3AI score0.00734EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2023/01/30 2:6 p.m.8 views

CVE-2023-0581 PrivateContent <= 8.4.3 - Protection Mechanism Bypass

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...

5.3CVSS6.6AI score0.00734EPSS
Exploits0References2
cve
cve
added 2023/01/30 2:6 p.m.54 views

CVE-2023-0581

CVE-2023-0581 affects the PrivateContent WordPress plugin (up to version 8.4.3). Root cause: login protection relies on client-side validation to determine blocklisted IPs, allowing unauthenticated bypass of login restrictions. Impact is the potential to brute-force login bypass. Mitigation: upda...

5.3CVSS5.6AI score0.00734EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2023/01/30 2:6 p.m.34 views

CVE-2023-0581 PrivateContent <= 8.4.3 - Protection Mechanism Bypass

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...

5.3CVSS5.6AI score0.00734EPSS
Exploits0References2
Rows per page
Query Builder