345 matches found
IBM Cloud Pak for Business Automation 安全漏洞
IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines IBM, built for any hybrid cloud, designed to automate work and accelerate business growth. A denial of service vulnerability exists in IBM Cloud Pak for Business Automatio...
Security Bulletin: IBM Maximo Application Suite uses UI: Bypass Client-Side Validation which is vulnerable to CVE-2023-43037.
Summary IBM Maximo Application Suite uses UI: Bypass Client-Side Validation which is vulnerable to CVE-2023-43037. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-43037 DESCRIPTION: IBM Maximo Application Suite could allow an...
CVE-2024-31525
Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result...
CVE-2024-31525
Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result...
Insufficient Input Validation
Umbraco.Forms is vulnerable to insufficient input validation. The vulnerability is due to lack of server-side validation for the character limits. While the client-side validation enforces these limits in the browser, it can be bypassed by manipulating the request before it reaches the server...
CVE-2024-49824 IBM Robotic Process Automation security bypass
IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation...
GHSA-9V8M-QV22-F268 Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length
Impact Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. Patches Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2...
CVE-2025-23041
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...
CVE-2025-23041 Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...
PT-2025-4787 · Umbraco · Umbraco Forms
Name of the Vulnerable Software and Affected Versions: Umbraco.Forms versions prior to 8.13.16 Umbraco.Forms versions prior to 10.5.7 Umbraco.Forms versions prior to 13.2.2 Umbraco.Forms versions prior to 14.1.2 Description: The character limits configured by editors for short and long answer...
CVE-2024-52008
Fides (open-source privacy engineering platform) has a password policy bypass in its invite flow. The /api/v1/user/accept-invite endpoint does not enforce the server-side password policy, allowing an invited user to set an arbitrarily weak password during initial account setup despite UI client-s...
GHSA-V7VM-RHMG-8J2R Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
Summary The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls can circumvent these checks, enabling the...
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
Summary The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls can circumvent these checks, enabling the...
CVE-2024-43188
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation...
CVE-2024-43188 IBM Business Automation Workflow improper input validation
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation...
CVE-2024-43188 IBM Business Automation Workflow improper input validation
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation...
CVE-2024-43188
CVE-2024-43188 affects IBM’s Business Automation Workflow Center and related components. The issue arises from improper client-side input validation, enabling a privileged user to perform unauthorized activities in affected releases. Affected versions include IBM Business Automation Workflow trad...
Online ID Generator 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Online ID Generator 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | ...
Online Banking System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Online Banking System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...
LimeSurvey Community 5.3.32 Cross Site Scripting
Exploit Title: Stored Cross-Site Scripting XSS in LimeSurvey Community Edition Version 5.3.32+220817 Exploit Author: Subhankar Singh Date: 2024-02-03 Vendor: LimeSurvey Software Link: https://community.limesurvey.org/releases/ Version: LimeSurvey Community Edition Version 5.3.32+220817 Tested on:...