377 matches found
CVE-2025-31966 Boolean-Based SQL Injection in Multiple Unica Components
HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server...
CVE-2025-31966
CVE-2025-31966 : HCL Sametime is vulnerable due to broken server-side validation that fails to enforce client-side input checks. An attacker can bypass restrictions by sending manipulated HTTP requests directly to the server. The documented CVSS 3.1 metrics indicate a LOW base score (2.7), with n...
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 16.0.1 to 16.1.7 had a security vulnerability. This vulnerability stemmed from treating origin: null as an absent source during server-side CSRF validation, which could lead to bypassing source verification and triggerin...
ROS-20260216-73-0024
A vulnerability in the Zabbix IT infrastructure monitoring system is related to insufficient server-side request validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...
ROS-20260216-73-0025
A vulnerability in the Zabbix IT infrastructure monitoring system is related to insufficient server-side request validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...
ROS-20260216-73-0023
A vulnerability in the Zabbix IT infrastructure monitoring system is related to insufficient server-side request validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...
Advisory ROSA-SA-2026-3115
software: apache 2.4.66 OS: ROSA-CHROME unaffected versions = apache-2.4.66-1 affected versions apache-2.4.66-1 CVE-ID: CVE-2025-66200 BDU-ID: 2025-15638 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the moduserdir module of the Apache HTTP Server web server involves bypassing the authentication...
Tucows (VDP): Password Strength Policy Bypass via Server-Side Validation Flaw
A password strength policy bypass was discovered due to a server-side validation flaw. The password strength policy was only enforced in the browser, not on the server side...
CVE-2026-24035
Horilla is a free and open source Human Resource Management System HRMS. An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior to version 1.5.0, allowing any authenticated employee to upload documents on behalf of another employee without prope...
Horilla Access Control Vulnerability
Horilla is a free open-source human resources software developed by Horilla Company. Versions of Horilla from 1.4.0 to 1.5.0 contained an access control vulnerability. This vulnerability stemmed from insufficient validation of the employeeid parameter on the server side, allowing any authenticate...
CVE-2026-0808 Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
Exploit for CVE-2026-23478
🔐 CVE-2026-23478 — Critical Authentication Bypass !Critical...
Altium 365 security vulnerabilities
Altium 365 is a product design and development platform provided by the American company Altium. There is a security vulnerability in Altium 365, which stems from the lack of server-side input validation in the workflow form submission API. This vulnerability may lead to storage-based cross-site...
CVE-2023-31923
Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be...
CVE-2022-38341
Safe Software FME Server v2021.2.5 and below does not employ server-side validation...
CVE-2025-23041
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...
Improper Input Validation
mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to lack of server-side validation on note length, which allows an attacker to submit excessively long notes and corrupt the issue activity logs, thereby breaking the activity stream UI and preventing future...
CVE-2025-14265
CVE-2025-14265 (ScreenConnect) affects the ScreenConnect server component (not host/guest clients). The issue is due to insufficient server-side validation and integrity checks within the extension subsystem, allowing the installation and execution of untrusted or arbitrary extensions by authoriz...
CVE-2025-14265 Improper server-side validation in ScreenConnect extension framework
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...
EUVD-2025-202687
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...