377 matches found
The vulnerability of the Microsoft Dynamics 365 Sales resource planning software server lies in insufficient validation of requests on the server side, allowing attackers to increase their privileges.
The vulnerability of the Microsoft Dynamics 365 Sales resource planning software server relates to insufficient validation of requests on the server side. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from insufficient validation of requests on the server side. This allows a hacker to execute an SSRF attack.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient testing of server-side requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of Microsoft Purview’s data management tool, related to insufficient validation of server-side requests, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Microsoft Purview data management tool is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
CVE-2024-25063
Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to...
CVE-2024-32866
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...
Insufficient Input Validation
Umbraco.Forms is vulnerable to insufficient input validation. The vulnerability is due to lack of server-side validation for the character limits. While the client-side validation enforces these limits in the browser, it can be bypassed by manipulating the request before it reaches the server...
Improper Input Validation
Overview Umbraco.Forms is an a form creator that's as easy to use. Affected versions of this package are vulnerable to Improper Input Validation due to the lack of server-side validation for character limits in short and long answer fields. An attacker can bypass client-side validations and submi...
GHSA-9V8M-QV22-F268 Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length
Impact Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. Patches Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2...
Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length
Impact Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. Patches Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2...
CVE-2025-23041
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...
CVE-2025-23041 Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...
PT-2025-4787 · Umbraco · Umbraco Forms
Name of the Vulnerable Software and Affected Versions: Umbraco.Forms versions prior to 8.13.16 Umbraco.Forms versions prior to 10.5.7 Umbraco.Forms versions prior to 13.2.2 Umbraco.Forms versions prior to 14.1.2 Description: The character limits configured by editors for short and long answer...
Incorrect Access Control
oqtane.framework is vulnerable to Incorrect Access Control. The vulnerability is due to relying on client-side information for authentication and the absence of server-side validation, which allows attackers to manipulate parameters like entityid and bypass security controls...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation via the entityid parameter in the /api/Setting endpoint, due to insufficient server-side validation of authentication and authorization. Remediation Upgrade Oqtane.Server to version 6.0.1 or higher. References - GitHu...
Oqtane Framework Incorrect Access Control vulnerability
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...
GHSA-995C-QWW8-64FJ Oqtane Framework Incorrect Access Control vulnerability
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...
CVE-2024-55470
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...
PT-2024-36525 · Unknown · Oqtane Framework
Name of the Vulnerable Software and Affected Versions: Oqtane Framework version 6.0.0 Description: The issue concerns Incorrect Access Control, allowing attackers to bypass passcode validation by manipulating the entityid parameter. This enables them to log into the application or access restrict...
CVE-2024-55470
Oqtane Framework 6.0.0 is affected by Incorrect Access Control. The vulnerability arises from insufficient server-side validation of the entityid parameter, allowing an attacker to bypass passcode validation and log in or access restricted data. The root cause is reliance on client-side authentic...
Uptime Kuma 路径遍历漏洞
Uptime Kuma is an easy-to-use, self-hosted monitoring tool from the individual developer Louis Lam. A path traversal vulnerability exists in Uptime Kuma versions 1.23.0 through 1.23.15 and 2.0.0-beta.0, which stems from a lack of server-side validation and cleanup stemming from a URL field in the...