Lucene search
K

345 matches found

CNNVD
CNNVD
added 2025/05/03 12:0 a.m.4 views

IBM Cloud Pak for Business Automation 安全漏洞

IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines IBM, built for any hybrid cloud, designed to automate work and accelerate business growth. A denial of service vulnerability exists in IBM Cloud Pak for Business Automatio...

6.5CVSS6.6AI score0.00321EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/10 9:49 a.m.14 views

Security Bulletin: IBM Maximo Application Suite uses UI: Bypass Client-Side Validation which is vulnerable to CVE-2023-43037.

Summary IBM Maximo Application Suite uses UI: Bypass Client-Side Validation which is vulnerable to CVE-2023-43037. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-43037 DESCRIPTION: IBM Maximo Application Suite could allow an...

6.5CVSS6.3AI score0.0029EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/03/05 7:15 p.m.5 views

CVE-2024-31525

Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result...

7.2CVSS5.8AI score0.00373EPSS
Exploits0References2
NVD
NVD
added 2025/03/05 7:15 p.m.7 views

CVE-2024-31525

Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result...

7.2CVSS0.00373EPSS
Exploits0References2
Veracode
Veracode
added 2025/01/20 5:39 a.m.4 views

Insufficient Input Validation

Umbraco.Forms is vulnerable to insufficient input validation. The vulnerability is due to lack of server-side validation for the character limits. While the client-side validation enforces these limits in the browser, it can be bypassed by manipulating the request before it reaches the server...

5.8CVSS6.7AI score0.00363EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2025/01/18 3:11 p.m.15 views

CVE-2024-49824 IBM Robotic Process Automation security bypass

IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation...

6.5CVSS0.00313EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 7:41 p.m.5 views

GHSA-9V8M-QV22-F268 Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length

Impact Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. Patches Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2...

5.8CVSS6.7AI score0.00363EPSS
Exploits0References2
NVD
NVD
added 2025/01/14 7:15 p.m.10 views

CVE-2025-23041

Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...

5.8CVSS0.00363EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 6:54 p.m.5 views

CVE-2025-23041 Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms

Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...

5.8CVSS6.8AI score0.00363EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.14 views

PT-2025-4787 · Umbraco · Umbraco Forms

Name of the Vulnerable Software and Affected Versions: Umbraco.Forms versions prior to 8.13.16 Umbraco.Forms versions prior to 10.5.7 Umbraco.Forms versions prior to 13.2.2 Umbraco.Forms versions prior to 14.1.2 Description: The character limits configured by editors for short and long answer...

5.8CVSS7.2AI score0.00363EPSS
Exploits0References6
CVE
CVE
added 2024/11/26 6:52 p.m.2797 views

CVE-2024-52008

Fides (open-source privacy engineering platform) has a password policy bypass in its invite flow. The /api/v1/user/accept-invite endpoint does not enforce the server-side password policy, allowing an invited user to set an arbitrarily weak password during initial account setup despite UI client-s...

8.8CVSS6.5AI score0.00536EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/11/26 4:36 p.m.12 views

GHSA-V7VM-RHMG-8J2R Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API

Summary The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls can circumvent these checks, enabling the...

5.7CVSS6.3AI score0.00536EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/11/26 4:36 p.m.23 views

Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API

Summary The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls can circumvent these checks, enabling the...

8.8CVSS6.7AI score0.00536EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/09/18 12:15 p.m.2 views

CVE-2024-43188

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation...

4.9CVSS5.8AI score0.00324EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/18 11:39 a.m.13 views

CVE-2024-43188 IBM Business Automation Workflow improper input validation

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation...

4.9CVSS6.6AI score0.00324EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/18 11:39 a.m.20 views

CVE-2024-43188 IBM Business Automation Workflow improper input validation

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation...

4.9CVSS0.00324EPSS
Exploits0References1
CVE
CVE
added 2024/09/18 11:39 a.m.56 views

CVE-2024-43188

CVE-2024-43188 affects IBM’s Business Automation Workflow Center and related components. The issue arises from improper client-side input validation, enabling a privileged user to perform unauthorized activities in affected releases. Affected versions include IBM Business Automation Workflow trad...

4.9CVSS4.9AI score0.00324EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2024/08/22 12:0 a.m.315 views

Online ID Generator 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Online ID Generator 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/21 12:0 a.m.262 views

Online Banking System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Online Banking System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/26 12:0 a.m.281 views

LimeSurvey Community 5.3.32 Cross Site Scripting

Exploit Title: Stored Cross-Site Scripting XSS in LimeSurvey Community Edition Version 5.3.32+220817 Exploit Author: Subhankar Singh Date: 2024-02-03 Vendor: LimeSurvey Software Link: https://community.limesurvey.org/releases/ Version: LimeSurvey Community Edition Version 5.3.32+220817 Tested on:...

7.2AI score0.00677EPSS
Exploits4
Rows per page
Query Builder