377 matches found

RedhatCVE
added 2025/04/25 4:37 p.m., 5 views

CVE-2025-42601

This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading to bypassing the Captcha verification...

CVSS 8.2 | AI score 6.9 | EPSS 0.00342
Exploits 0 | References 1
Vulnrichment
added 2025/04/23 10:32 a.m., 6 views

CVE-2025-42601 Captcha Bypass Vulnerability in Meon KYC solutions

This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading to bypassing the Captcha verification...

CVSS 8.2 | AI score 7.1 | EPSS 0.00342
Exploits 0 | References 1
Cvelist
added 2025/04/23 10:32 a.m., 19 views

CVE-2025-42601 Captcha Bypass Vulnerability in Meon KYC solutions

This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading to bypassing the Captcha verification...

CVSS 8.2 | EPSS 0.00342
Exploits 0 | References 1
CNNVD
added 2025/04/23 12:00 a.m., 8 views

Meon KYC security vulnerability

Meon KYC is a solution from Meon India. A security vulnerability exists in Meon KYC that stems from insufficient server-side validation of CAPTCHA by certain API endpoints, which could lead to bypassing the CAPTCHA validation mechanism...

CVSS 8.2 | AI score 6.6 | EPSS 0.00342
Exploits 0 | References 1
OSV
added 2025/04/15 10:15 p.m., 2 views

CVE-2025-24297

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal...

CVSS 9.3 | AI score 5.8 | EPSS 0.00412
Exploits 0 | References 1
CVE
added 2025/04/15 9:39 p.m., 47 views

CVE-2025-24297

CVE-2025-24297 affects Growatt Cloud Portal (Growatt Cloud Applications). Root cause: lack of server-side input validation leading to cross-site scripting. Vulnerable component/function: plant name handling during add/edit operations (stored XSS). Impact: attackers can inject JavaScript into user...

CVSS 9.8 | AI score 9.5 | EPSS 0.00412
Exploits 0 | References 1 | Affected Software 1
BDU FSTEC
added 2025/04/15 12:00 a.m., 9 views

The vulnerability of the Consul and Consul Enterprise service configuration tool, which stems from insufficient validation of requests on the server side, allows attackers to carry out SSRF attacks.

The vulnerability of the Consul and Consul Enterprise service configuration tool is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to carry out an SSRF attack remotely...

CVSS 7.8 | AI score 6.7 | EPSS 0.08519
Exploits 0 | References 3 | Affected Software 2
Positive Technologies
added 2025/04/15 12:00 a.m., 6 views

PT-2025-16496

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is due to a lack of server-side input validation, allowing attackers to inject malicious JavaScript code into users' personal spaces of the web portal. Recommendations: At the moment,...

CVSS 9.8 | AI score 6.6 | EPSS 0.00412
Exploits 0 | References 8
BDU FSTEC
added 2025/03/14 12:00 a.m., 3 views

The vulnerability of the axios library, related to insufficient validation of requests on the server side, allows an attacker to perform an SSRF attack.

The vulnerability of the axios library is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...

CVSS 7.8 | AI score 6.6 | EPSS 0.00759
Exploits 1 | References 3 | Affected Software 1
RedhatCVE
added 2025/03/08 1:22 a.m., 10 views

CVE-2025-25497

An issue in account management interface in Netsweeper Server v.8.2.6 and earlier fixed in v.8.2.7 allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or aw...

CVSS 8.1 | AI score 7 | EPSS 0.00328
Exploits 0 | References 1
NVD
added 2025/03/06 8:15 p.m., 8 views

CVE-2025-25497

An issue in account management interface in Netsweeper Server v.8.2.6 and earlier fixed in v.8.2.7 allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or aw...

CVSS 8.1 | EPSS 0.00328
Exploits 0 | References 2
Cvelist
added 2025/03/06 12:00 a.m., 12 views

CVE-2025-25497

An issue in account management interface in Netsweeper Server v.8.2.6 and earlier fixed in v.8.2.7 allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or aw...

EPSS 0.00328
Exploits 0 | References 2
CVE
added 2025/03/06 12:00 a.m., 56 views

CVE-2025-25497

CVE-2025-25497 concerns Netsweeper Server prior to 8.2.7. The issue lies in the account management interface where client-side restrictions and missing server-side validation allow unauthorized changes to the "Account Owner" field, enabling account ownership reassignment to or away from any user....

CVSS 8.1 | AI score 7.1 | EPSS 0.00328
Exploits 0 | References 2
Vulnrichment
added 2025/03/06 12:00 a.m., 4 views

CVE-2025-25497

An issue in account management interface in Netsweeper Server v.8.2.6 and earlier fixed in v.8.2.7 allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or aw...

AI score 7.1 | EPSS 0.00328
Exploits 0 | References 2
OSV
added 2025/03/05 7:15 p.m., 3 views

CVE-2024-31525

Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result...

CVSS 7.2 | AI score 5.8 | EPSS 0.00373
Exploits 0 | References 2
NVD
added 2025/03/05 7:15 p.m., 5 views

CVE-2024-31525

Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result...

CVSS 7.2 | EPSS 0.00373
Exploits 0 | References 2
Vulnrichment
added 2025/03/05 12:00 a.m., 2 views

CVE-2024-31525

Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result...

AI score 7.2 | EPSS 0.00373
Exploits 0 | References 2
Cvelist
added 2025/03/05 12:00 a.m., 9 views

CVE-2024-31525

Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result...

EPSS 0.00373
Exploits 0 | References 2
BDU FSTEC
added 2025/02/28 12:00 a.m., 4 views

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in the insufficient validation of requests at the server-side. This allows attackers to bypass security restrictions and disclose sensitive information.

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in insufficient validation of requests at the server side. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and disclose sensitive information...

CVSS 8.6 | AI score 5.4 | EPSS 0.00476
Exploits 0 | References 3 | Affected Software 1
Snyk
added 2025/02/25 3:05 p.m., 5 views

Arbitrary File Upload

Overview: streamlit is "The fastest way to build data apps in Python". Affected versions of this package are vulnerable to Arbitrary File Upload in the fileuploader.py widget, which does not enforce uploaded file type restrictions on the server side, even if they are set in the client. Remediation...

CVSS 7.1 | AI score 6.9
Exploits 0 | References 2