Lucene search
K

377 matches found

Cvelist
Cvelist
added 2026/03/17 11:29 a.m.32 views

CVE-2025-31966 Boolean-Based SQL Injection in Multiple Unica Components

HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server...

2.7CVSS0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/03/17 11:29 a.m.15 views

CVE-2025-31966

CVE-2025-31966 : HCL Sametime is vulnerable due to broken server-side validation that fails to enforce client-side input checks. An attacker can bypass restrictions by sending manipulated HTTP requests directly to the server. The documented CVSS 3.1 metrics indicate a LOW base score (2.7), with n...

2.7CVSS5.9AI score0.00194EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.7 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 16.0.1 to 16.1.7 had a security vulnerability. This vulnerability stemmed from treating origin: null as an absent source during server-side CSRF validation, which could lead to bypassing source verification and triggerin...

5.3CVSS5.7AI score0.002EPSS
Exploits1References4
Redos
Redos
added 2026/02/16 12:0 a.m.6 views

ROS-20260216-73-0024

A vulnerability in the Zabbix IT infrastructure monitoring system is related to insufficient server-side request validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...

6.8CVSS5.6AI score0.00311EPSS
Exploits0
Redos
Redos
added 2026/02/16 12:0 a.m.7 views

ROS-20260216-73-0025

A vulnerability in the Zabbix IT infrastructure monitoring system is related to insufficient server-side request validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...

6.8CVSS5.6AI score0.00311EPSS
Exploits0
Redos
Redos
added 2026/02/16 12:0 a.m.6 views

ROS-20260216-73-0023

A vulnerability in the Zabbix IT infrastructure monitoring system is related to insufficient server-side request validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...

6.8CVSS5.6AI score0.00311EPSS
Exploits0
Rosalinux
Rosalinux
added 2026/01/26 8:35 a.m.9 views

Advisory ROSA-SA-2026-3115

software: apache 2.4.66 OS: ROSA-CHROME unaffected versions = apache-2.4.66-1 affected versions apache-2.4.66-1 CVE-ID: CVE-2025-66200 BDU-ID: 2025-15638 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the moduserdir module of the Apache HTTP Server web server involves bypassing the authentication...

8.3CVSS6.2AI score0.01527EPSS
Exploits0
Hacker One
Hacker One
added 2026/01/25 11:41 a.m.10 views

Tucows (VDP): Password Strength Policy Bypass via Server-Side Validation Flaw

A password strength policy bypass was discovered due to a server-side validation flaw. The password strength policy was only enforced in the browser, not on the server side...

5.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/01/22 2:43 a.m.4 views

CVE-2026-24035

Horilla is a free and open source Human Resource Management System HRMS. An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior to version 1.5.0, allowing any authenticated employee to upload documents on behalf of another employee without prope...

4.3CVSS5.3AI score0.00289EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

Horilla Access Control Vulnerability

Horilla is a free open-source human resources software developed by Horilla Company. Versions of Horilla from 1.4.0 to 1.5.0 contained an access control vulnerability. This vulnerability stemmed from insufficient validation of the employeeid parameter on the server side, allowing any authenticate...

4.3CVSS5.8AI score0.00289EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/17 6:42 a.m.2 views

CVE-2026-0808 Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter

The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...

5.3CVSS5.4AI score0.00312EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/01/15 11:10 a.m.195 views

Exploit for CVE-2026-23478

🔐 CVE-2026-23478 — Critical Authentication Bypass !Critical...

10CVSS7.3AI score0.004EPSS
Exploits1
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.9 views

Altium 365 security vulnerabilities

Altium 365 is a product design and development platform provided by the American company Altium. There is a security vulnerability in Altium 365, which stems from the lack of server-side input validation in the workflow form submission API. This vulnerability may lead to storage-based cross-site...

8CVSS5.6AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:33 p.m.5 views

CVE-2023-31923

Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be...

8.8CVSS6.8AI score0.00863EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:57 a.m.4 views

CVE-2022-38341

Safe Software FME Server v2021.2.5 and below does not employ server-side validation...

7.1CVSS6.9AI score0.005EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.7 views

CVE-2025-23041

Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...

5.8CVSS6.7AI score0.00363EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 6:49 a.m.5 views

Improper Input Validation

mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to lack of server-side validation on note length, which allows an attacker to submit excessively long notes and corrupt the issue activity logs, thereby breaking the activity stream UI and preventing future...

7.5CVSS5.8AI score0.00375EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2025/12/11 2:21 p.m.20 views

CVE-2025-14265

CVE-2025-14265 (ScreenConnect) affects the ScreenConnect server component (not host/guest clients). The issue is due to insufficient server-side validation and integrity checks within the extension subsystem, allowing the installation and execution of untrusted or arbitrary extensions by authoriz...

9.1CVSS6.9AI score0.00324EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/11 2:21 p.m.26 views

CVE-2025-14265 Improper server-side validation in ScreenConnect extension framework

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

9.1CVSS0.00324EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/11 2:21 p.m.4 views

EUVD-2025-202687

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

9.1CVSS6.8AI score0.00324EPSS
Exploits0References2
Rows per page
Query Builder