377 matches found
CVE-2025-42601
This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading to bypassing the Captcha verification...
CVE-2025-42601 Captcha Bypass Vulnerability in Meon KYC solutions
This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading to bypassing the Captcha verification...
Meon KYC Security Vulnerability
Meon KYC is a solution from Meon India. A security vulnerability exists in Meon KYC that stems from insufficient server-side validation of CAPTCHA by certain API endpoints, which could lead to bypassing the CAPTCHA validation mechanism...
CVE-2025-24297
Due to a lack of server-side input validation, attackers can inject malicious JavaScript code into users' personal spaces of the web portal...
CVE-2025-24297
CVE-2025-24297 affects Growatt Cloud Portal (Growatt Cloud Applications). Root cause: lack of server-side input validation leading to cross-site scripting. Vulnerable component/function: plant name handling during add/edit operations (stored XSS). Impact: attackers can inject JavaScript into user...
The vulnerability of the Consul and Consul Enterprise service configuration tool, which stems from insufficient validation of requests on the server side, allows attackers to carry out SSRF attacks.
The vulnerability of the Consul and Consul Enterprise service configuration tool is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to carry out an SSRF attack remotely...
PT-2025-16496
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is due to a lack of server-side input validation, allowing attackers to inject malicious JavaScript code into users' personal spaces of the web portal. Recommendations: At the moment,...
The vulnerability of the axios library, related to insufficient validation of requests on the server side, allows an attacker to perform an SSRF attack.
The vulnerability of the axios library is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...
CVE-2025-25497
An issue in the account management interface in Netsweeper Server v.8.2.6 and earlier, fixed in v.8.2.7, allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or aw...
CVE-2025-25497
CVE-2025-25497 concerns Netsweeper Server prior to 8.2.7. The issue lies in the account management interface where client-side restrictions and missing server-side validation allow unauthorized changes to the "Account Owner" field, enabling account ownership reassignment to or away from any user....
CVE-2024-31525
Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result...
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in insufficient validation of requests on the server side. This allows attackers to bypass security restrictions and disclose sensitive information.
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in insufficient validation of requests at the server side. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and disclose sensitive information...
Arbitrary File Upload
Overview: streamlit is "The fastest way to build data apps in Python". Affected versions of this package are vulnerable to Arbitrary File Upload in the fileuploader.py widget, which does not enforce uploaded file type restrictions on the server side, even if they are set in the client. Remediation...