Lucene search
+L

27 matches found

OSV
OSV
added 2026/06/04 5:50 p.m.3 views

CVE-2026-41235 Froxlor has an authorization bypass in FTP shell assignment via missing server-side `available_shells` enforcement

Froxlor is open source server administration software. Version 2.3.6 lets administrators configure system.availableshells as the approved shell list that customers may assign to FTP users. However, the server-side FTP account handlers do not enforce that whitelist when processing add or edit...

9.4CVSS6AI score0.00227EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:44 p.m.5 views

CVE-2026-10863

A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user to override the server-defined ordering of over-correlating values. Depending on how the value wa...

6.4CVSS5.8AI score0.00225EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 1:44 p.m.43 views

CVE-2026-10863 MISP User-controlled order parameter in correlations over-correlation endpoint

A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user to override the server-defined ordering of over-correlating values. Depending on how the value wa...

6.4CVSS0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 9:9 p.m.95 views

CVE-2026-44260 efw4.X: readonly Flag Not Enforced Server-Side

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

8.1CVSS0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.6 views

CVE-2026-33687

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...

8.8CVSS5.8AI score0.00507EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 10:16 p.m.5 views

CVE-2026-33687

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...

8.8CVSS0.00507EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/26 9:47 p.m.4 views

CVE-2026-33687 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...

8.8CVSS5.8AI score0.00507EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/25 8:0 p.m.7 views

Sharp has Unrestricted File Upload via Client-Controlled Validation Rules

Summary The code16/sharp Laravel admin panel package contains a vulnerability in its file upload endpoint that allows authenticated users to bypass all file type restrictions. Details The upload endpoint within the ApiFormUploadController accepts a client-controlled validationrule parameter. This...

8.8CVSS6.1AI score0.00507EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/25 8:0 p.m.4 views

GHSA-FR76-5637-W3G9 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules

Summary The code16/sharp Laravel admin panel package contains a vulnerability in its file upload endpoint that allows authenticated users to bypass all file type restrictions. Details The upload endpoint within the ApiFormUploadController accepts a client-controlled validationrule parameter. This...

8.8CVSS6.1AI score0.00507EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/07 9:59 p.m.5 views

CVE-2026-25568

WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...

7.1CVSS5.3AI score0.0019EPSS
Exploits0References4
OSV
OSV
added 2026/02/07 9:59 p.m.5 views

CVE-2026-25568 WeKan < 8.19 allowPrivateOnly Setting Enforcement Bypass

WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...

7.1CVSS5.9AI score0.0019EPSS
Exploits0References6
CNVD
CNVD
added 2026/01/30 12:0 a.m.9 views

IBM ApplinX Unauthorized Access Vulnerability

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. An unauthorized access vulnerability exists in IBM ApplinX that stems from insufficient server-side enforcement of client-side security, which could be...

4.3CVSS5.6AI score0.00159EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 9:15 a.m.6 views

CVE-2026-1363

IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end...

9.8CVSS0.00538EPSS
Exploits0References2
NVD
NVD
added 2026/01/20 4:16 p.m.6 views

CVE-2025-36410

IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security...

4.3CVSS0.00159EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/20 3:39 p.m.8 views

CVE-2025-36410 Multiple vulnerabilities found in IBM ApplinX.

IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security...

3.1CVSS5.5AI score0.00159EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 3:39 p.m.4 views

CVE-2025-36410

IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security...

4.3CVSS5.3AI score0.00159EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.22 views

IBM ApplinX 安全漏洞

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. An unauthorized access vulnerability exists in IBM ApplinX that stems from insufficient server-side enforcement of client-side security, which could be...

4.3CVSS5.8AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.15 views

PT-2026-3626

IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security...

3.1CVSS5.5AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.7 views

PT-2025-48454

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes...

6.8AI score0.0023EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.8 views

Turkguven Perfektive 安全漏洞

Turkguven Perfektive is an occupational health and safety management software from Turkguven, Turkey. A security vulnerability exists in versions prior to Turkguven Perfektive 12574 Build 2701, which stems from improperly limiting over-authentication attempts, server-side security client...

7.3CVSS7.1AI score0.00277EPSS
Exploits0References1
Rows per page
Query Builder