377 matches found

NVD
added 2025/07/08 3:15 p.m. · 4 views

CVE-2025-53545

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Users can circumvent the 2FA login because it is not validated server-side. This vulnerability is fixed in commit...

CVSS 6.9 · EPSS 0.00299
Exploits 0 · References 2
Vulnrichment
added 2025/07/08 3:02 p.m. · 3 views

CVE-2025-53545 Press has a potential 2FA bypass

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Users can circumvent the 2FA login because it is not validated server-side. This vulnerability is fixed in commit...

CVSS 6.9 · AI score 7 · EPSS 0.00299
Exploits 0 · References 2
CNNVD
added 2025/07/08 12:00 a.m. · 3 views

Frappe Technologies Frappe authorization issue vulnerability

Frappe Technologies Frappe is a Python and MariaDB-based web development framework with integrated front-end pages, from Frappe Technologies of India. Frappe Technologies Frappe suffers from an authorization vulnerability that stems from a lack of server-side validation, which could lead to...

CVSS 6.9 · AI score 6.6 · EPSS 0.00299
Exploits 0 · References 3
Positive Technologies
added 2025/07/08 12:00 a.m. · 11 views

PT-2025-28475 · Frappe · Press

Name of the Vulnerable Software and Affected Versions: Press, affected versions not specified
Description: The issue concerns a lack of server-side validation for 2FA login, allowing users to circumvent this security measure. Press is a Frappe custom app that manages infrastructure,...

CVSS 6.9 · AI score 6.1 · EPSS 0.00299
Exploits 0 · References 5
Positive Technologies
added 2025/07/08 12:00 a.m. · 4 views

PT-2025-28656 · Ibm · Ibm Openpages With Watson

Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0
Description: The issue is related to improper input validation. This occurs due to the bypassing of client-side validation for data types and the requiredness of fields for GRC Objects. When ...

CVSS 6.5 · AI score 5.6 · EPSS 0.00221
Exploits 0 · References 4
Hacker One
added 2025/06/09 11:56 p.m. · 6 views

Mars: Order More Than Maximum Allowed Quantity

The business logic vulnerability allowed users to bypass the product quantity limits (1-20 items) through parameter manipulation. While the user interface enforced these limits, the necessary server-side validation was missing...

AI score 6.9
Exploits 0
RedhatCVE
added 2025/05/23 9:46 a.m. · 5 views

CVE-2024-25064

Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values...

CVSS 4.3 · AI score 6.8 · EPSS 0.00425
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 7:41 a.m. · 6 views

CVE-2024-55470

Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...

CVSS 7.5 · AI score 6.7 · EPSS 0.00447
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 7:30 a.m. · 9 views

CVE-2024-48927

Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they "preview" SVG files in full...

CVSS 4.6 · AI score 7.8 · EPSS 0.00428
Exploits 0
RedhatCVE
added 2025/05/23 6:23 a.m. · 9 views

CVE-2024-20476

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker cou...

CVSS 4.9 · AI score 6.8 · EPSS 0.00344
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 2:23 a.m. · 7 views

CVE-2023-34452

Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgotpassword" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. While this vulnerability can potentially allow an...

CVSS 6.1 · AI score 6.9 · EPSS 0.00592
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 10:13 p.m. · 9 views

CVE-2022-1001

The WP Downgrade WordPress plugin before 1.2.3 only performs client-side validation of its "WordPress Target Version" setting and does not sanitise and escape it server-side, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...

CVSS 4.8 · AI score 6.4 · EPSS 0.04902
Exploits 4 · References 1
RedhatCVE
added 2025/05/22 12:46 p.m. · 9 views

CVE-2018-17791

Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability: client-side validations can be tampered with, so inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business...

CVSS 7.5 · AI score 6.4 · EPSS 0.01905
Exploits 0 · References 1
OSV
added 2025/05/21 5:15 p.m. · 6 views

CVE-2025-20113

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HT...

CVSS 7.1 · AI score 5.8 · EPSS 0.00357
Exploits 0 · References 1
Positive Technologies
added 2025/05/21 12:00 a.m. · 3 views

PT-2025-22377 · Cisco · Cisco Unified Intelligence Center

Name of the Vulnerable Software and Affected Versions: Cisco Unified Intelligence Center, affected versions not specified
Description: The issue is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this by submitting a crafted...

CVSS 7.5 · AI score 5.7 · EPSS 0.00357
Exploits 0 · References 10
BDU FSTEC
added 2025/05/14 12:00 a.m. · 4 views

The vulnerability in the Azure Storage Resource Provider package, due to insufficient server-side validation of requests, allows an attacker to execute an SSRF attack.

The vulnerability in the Azure Storage Resource Provider package is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

CVSS 9.9 · AI score 7.8 · EPSS 0.02621
Exploits 2 · References 3
BDU FSTEC
added 2025/05/09 12:00 a.m. · 5 views

The vulnerability in the MouseTooltipTranslator extension for the Google Chrome browser allows an attacker to perform an SSRF attack.

The vulnerability in the MouseTooltipTranslator extension for the Google Chrome browser is related to insufficient validation of requests on the server side. Exploiting this vulnerability can allow a malicious actor to perform an SSRF attack remotely...

CVSS 5.8 · AI score 5.4 · EPSS 0.00452
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2025/05/05 12:00 a.m. · 6 views

PT-2025-19707 · Outsystems · Outsystems

Name of the Vulnerable Software and Affected Versions: Outsystems versions prior to 3.1.0
Description: The issue arises because file extension and size validations are enforced solely on the client side in the Outsystems Multiple File Upload feature. This allows an attacker to intercept the uploa...

CVSS 6.4 · AI score 6.6 · EPSS 0.00279
Exploits 0 · References 7
OSV
added 2025/05/03 5:46 a.m. · 6 views

BIT-KIBANA-2025-25016 Kibana Unrestricted Upload of File

Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation...

CVSS 4.3 · AI score 4.4 · EPSS 0.00274
Exploits 0 · References 2
CNNVD
added 2025/05/01 12:00 a.m. · 5 views

Elastic Kibana security vulnerability

Elastic Kibana is data visualization dashboard software from Elastic. A security vulnerability exists in Elastic Kibana versions prior to 8.13.0 that stems from insufficient server-side validation, allowing an authenticated attacker to upload malicious files...

CVSS 4.3 · AI score 6.5 · EPSS 0.00274
Exploits 0 · References 1