CVE-2025-53545
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscriptions, the marketplace, and software-as-a-service (SaaS). Users can circumvent 2FA login for users due to a lack of server-side validation for it. This vulnerability is fixed in commit...
CVE-2025-53545 Press has a potential 2FA bypass
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscriptions, the marketplace, and software-as-a-service (SaaS). Users can circumvent 2FA login for users due to a lack of server-side validation for it. This vulnerability is fixed in commit...
Frappe Technologies Frappe Authorization Issue Vulnerability
Frappe Technologies Frappe is a Python- and MariaDB-based web development framework with integrated front-end pages from Frappe Technologies, India. Frappe Technologies Frappe suffers from an authorization issue vulnerability that stems from a lack of server-side validation, which could lead to...
PT-2025-28475 · Frappe · Press
Name of the Vulnerable Software and Affected Versions: Press (affected versions not specified) Description: The issue concerns a lack of server-side validation for 2FA login, allowing users to circumvent this security measure. Press is a Frappe custom app that manages infrastructure,...
PT-2025-28656 · Ibm · Ibm Openpages With Watson
Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0 Description: The issue is related to improper input validation. This occurs due to the bypassing of client-side validation for data types and the required status of fields for GRC Objects. When ...
Mars: Order More Than Maximum Allowed Quantity
The business logic vulnerability allowed users to bypass the product quantity limits (1-20 items) through parameter manipulation. While the user interface enforced these limits, the necessary server-side validation was missing...
CVE-2024-25064
Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values...
CVE-2024-55470
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...
CVE-2024-48927
Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full...
CVE-2024-20476
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...
CVE-2023-34452
Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgotpassword" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. While this vulnerability can potentially allow an...
CVE-2022-1001
The WP Downgrade WordPress plugin before 1.2.3 only performs client-side validation of its "WordPress Target Version" setting, but does not sanitise and escape it server-side, allowing high-privilege users such as admins to perform Cross-Site attacks even when the unfiltered_html capability is...
CVE-2018-17791
Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered with, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business...
CVE-2025-20113
A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HT...
PT-2025-22377 · Cisco · Cisco Unified Intelligence Center
Name of the Vulnerable Software and Affected Versions: Cisco Unified Intelligence Center (affected versions not specified) Description: The issue is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this by submitting a crafted...
The vulnerability of the Azure Storage Resource Provider package, due to insufficient validation of server-side requests, allows an attacker to execute an SSRF attack.
The vulnerability of the Azure Storage Resource Provider package is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
The vulnerability of the MouseTooltipTranslator extension in the Google Chrome browser allows a hacker to perform an SSRF attack.
The vulnerability of the MouseTooltipTranslator extension in the Google Chrome browser is related to insufficient validation of requests on the server side. Exploiting this vulnerability can allow a malicious actor to perform an SSRF attack remotely...
PT-2025-19707 · Outsystems · Outsystems
Name of the Vulnerable Software and Affected Versions: Outsystems versions prior to 3.1.0 Description: The issue arises because file extension and size validations are enforced solely on the client side in the Outsystems Multiple File Upload feature. This allows an attacker to intercept the uploa...
BIT-KIBANA-2025-25016 Kibana Unrestricted Upload of File
Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation...
Elastic Kibana Security Vulnerability
Elastic Kibana is a data visualization dashboard software product from Elastic. A security vulnerability exists in Elastic Kibana versions prior to 8.13.0 that stems from insufficient server-side validation, resulting in an authenticated attacker being able to upload malicious files...