377 matches found

BDU FSTEC
added 2025/02/20 12:0 a.m. · 5 views

The vulnerability of the Microsoft Dynamics 365 Sales resource planning software server lies in insufficient validation of requests on the server side, allowing attackers to increase their privileges.

The vulnerability of the Microsoft Dynamics 365 Sales resource planning software server relates to insufficient validation of requests on the server side. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...

CVSS 8.7 · AI score 7.7 · EPSS 0.01155
Exploits 0 · References 2
BDU FSTEC
added 2025/02/14 12:0 a.m. · 8 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from insufficient validation of requests on the server side. This allows a hacker to execute an SSRF attack.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

CVSS 2.6 · AI score 5.5 · EPSS 0.00307
Exploits 1 · References 7 · Affected software 1
BDU FSTEC
added 2025/02/06 12:0 a.m. · 7 views

The vulnerability of Microsoft Purview’s data management tool, related to insufficient validation of server-side requests, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Microsoft Purview data management tool is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVSS 9 · AI score 7.8 · EPSS 0.24441
Exploits 1 · References 4
RedhatCVE
added 2025/02/05 1:0 p.m. · 9 views

CVE-2024-25063

Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to...

CVSS 7.5 · AI score 6.9 · EPSS 0.00567
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 7:3 a.m. · 8 views

CVE-2024-32866

Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...

CVSS 8.6 · AI score 6.7 · EPSS 0.00725
Exploits 0 · References 1
Veracode
added 2025/01/20 5:39 a.m. · 4 views

Insufficient Input Validation

Umbraco.Forms is vulnerable to insufficient input validation. The vulnerability is due to lack of server-side validation for the character limits. While the client-side validation enforces these limits in the browser, it can be bypassed by manipulating the request before it reaches the server...

CVSS 5.8 · AI score 6.7 · EPSS 0.00363
Exploits 0 · References 2 · Affected software 2
Snyk
added 2025/01/14 7:41 p.m. · 2 views

Improper Input Validation

Overview: Umbraco.Forms is a form creator that's easy to use. Affected versions of this package are vulnerable to Improper Input Validation due to the lack of server-side validation for character limits in short and long answer fields. An attacker can bypass client-side validations and submi...

CVSS 6.9 · AI score 6.9 · EPSS 0.00363
Exploits 0 · References 2
OSV
added 2025/01/14 7:41 p.m. · 5 views

GHSA-9V8M-QV22-F268 Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length

Impact: Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. Patches: Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2...

CVSS 5.8 · AI score 6.7 · EPSS 0.00363
Exploits 0 · References 2
Github Security Blog
added 2025/01/14 7:41 p.m. · 14 views

Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length

Impact: Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. Patches: Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2...

CVSS 5.8 · AI score 6.7 · EPSS 0.00363
Exploits 0 · References 3 · Affected software 2
NVD
added 2025/01/14 7:15 p.m. · 9 views

CVE-2025-23041

Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...

CVSS 5.8 · EPSS 0.00363
Exploits 0 · References 1
OSV
added 2025/01/14 6:54 p.m. · 5 views

CVE-2025-23041 Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms

Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...

CVSS 5.8 · AI score 6.8 · EPSS 0.00363
Exploits 0 · References 3
Positive Technologies
added 2025/01/14 12:0 a.m. · 8 views

PT-2025-4787 · Umbraco · Umbraco Forms

Name of the Vulnerable Software and Affected Versions: Umbraco.Forms versions prior to 8.13.16; Umbraco.Forms versions prior to 10.5.7; Umbraco.Forms versions prior to 13.2.2; Umbraco.Forms versions prior to 14.1.2. Description: The character limits configured by editors for short and long answer...

CVSS 5.8 · AI score 7.2 · EPSS 0.00363
Exploits 0 · References 6
Veracode
added 2025/01/02 9:6 a.m. · 7 views

Incorrect Access Control

oqtane.framework is vulnerable to Incorrect Access Control. The vulnerability is due to relying on client-side information for authentication and the absence of server-side validation, which allows attackers to manipulate parameters like entityid and bypass security controls...

CVSS 7.5 · AI score 7.3 · EPSS 0.00447
Exploits 0 · References 4 · Affected software 2
Snyk
added 2024/12/20 6:31 p.m. · 2 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation via the entityid parameter in the /api/Setting endpoint, due to insufficient server-side validation of authentication and authorization. Remediation: Upgrade Oqtane.Server to version 6.0.1 or higher. References: - GitHu...

CVSS 8.7 · AI score 7.2 · EPSS 0.00447
Exploits 0 · References 2
Github Security Blog
added 2024/12/20 6:31 p.m. · 13 views

Oqtane Framework Incorrect Access Control vulnerability

Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...

CVSS 7.5 · AI score 6.7 · EPSS 0.00447
Exploits 0 · References 4 · Affected software 2
OSV
added 2024/12/20 6:31 p.m. · 7 views

GHSA-995C-QWW8-64FJ Oqtane Framework Incorrect Access Control vulnerability

Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...

CVSS 8.7 · AI score 7.5 · EPSS 0.00447
Exploits 0 · References 4
NVD
added 2024/12/20 4:15 p.m. · 11 views

CVE-2024-55470

Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...

CVSS 7.5 · EPSS 0.00447
Exploits 0 · References 2
Positive Technologies
added 2024/12/20 12:0 a.m. · 4 views

PT-2024-36525 · Unknown · Oqtane Framework

Name of the Vulnerable Software and Affected Versions: Oqtane Framework version 6.0.0. Description: The issue concerns Incorrect Access Control, allowing attackers to bypass passcode validation by manipulating the entityid parameter. This enables them to log into the application or access restrict...

CVSS 7.5 · AI score 7.3 · EPSS 0.00447
Exploits 0 · References 10
CVE
added 2024/12/20 12:0 a.m. · 49 views

CVE-2024-55470

Oqtane Framework 6.0.0 is affected by Incorrect Access Control. The vulnerability arises from insufficient server-side validation of the entityid parameter, allowing an attacker to bypass passcode validation and log in or access restricted data. The root cause is reliance on client-side authentic...

CVSS 7.5 · AI score 6.8 · EPSS 0.00447
Exploits 0 · References 2
CNNVD
added 2024/12/20 12:0 a.m. · 2 views

Uptime Kuma path traversal vulnerability

Uptime Kuma is an easy-to-use, self-hosted monitoring tool from the individual developer Louis Lam. A path traversal vulnerability exists in Uptime Kuma versions 1.23.0 through 1.23.15 and 2.0.0-beta.0, which stems from a lack of server-side validation and sanitization of a URL field in the...

CVSS 6.8 · AI score 6.2 · EPSS 0.01793
Exploits 0 · References 3