cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-45794,https://securityvulnerability.io/vulnerability/CVE-2023-45794,Capture-Replay Vulnerability in Mendix Applications by Mendix,"A capture-replay flaw exists in Mendix Applications which impacts various versions across multiple Mendix platforms. This vulnerability could be exploited by authenticated attackers to gain unauthorized access or modify objects within the application. The risk is contingent upon specific preconditions based on the application's model and access control design, potentially enabling privilege escalation in the context of vulnerable apps. Organizations using Mendix should assess the security of their applications and implement necessary controls to mitigate this risk.",Siemens,"Mendix Applications using Mendix 10,Mendix Applications using Mendix 7,Mendix Applications using Mendix 8,Mendix Applications using Mendix 9",8.1,HIGH,0.0005499999970197678,false,,false,false,false,,false,false,2023-11-14T11:15:00.000Z,0
CVE-2023-23835,https://securityvulnerability.io/vulnerability/CVE-2023-23835,XPath Bypass Vulnerability in Mendix Applications,"A security issue has been discovered in Mendix Applications that enables unauthorized access to sensitive data through the exploitation of their runtime APIs. Attackers can bypass established XPath constraints, allowing them to execute error-triggering XPath queries. This issue affects multiple versions of Mendix 7, 8, and 9, potentially leading to unauthorized information retrieval and posing significant security risks for applications built on this platform.",Siemens,"Mendix Applications using Mendix 7,Mendix Applications using Mendix 8,Mendix Applications using Mendix 9,Mendix Applications using Mendix 9 (V9.12),Mendix Applications using Mendix 9 (V9.18),Mendix Applications using Mendix 9 (V9.6)",7.5,HIGH,0.001230000052601099,false,,false,false,false,,false,false,2023-02-14T11:15:00.000Z,0
CVE-2022-31257,https://securityvulnerability.io/vulnerability/CVE-2022-31257,Password Bypass Vulnerability in Mendix Applications by Mendix,"A vulnerability exists in Mendix applications that could allow an attacker with access to an active user session to bypass password validation. This flaw affects multiple versions of Mendix 7, 8, and 9, enabling the attacker to potentially set weak passwords, compromising user security. Organizations using the affected versions should take immediate measures to update their applications to mitigate this risk.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9,Mendix Applications Using Mendix 9 (v9.12),Mendix Applications Using Mendix 9 (v9.6)",7.5,HIGH,0.0007300000288523734,false,,false,false,false,,false,false,2022-07-12T10:06:43.000Z,0
CVE-2022-27241,https://securityvulnerability.io/vulnerability/CVE-2022-27241,,"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9,Mendix Applications Using Mendix 9 (v9.6)",7.5,HIGH,0.003470000112429261,false,,false,false,false,,false,false,2022-04-12T09:08:00.000Z,0
CVE-2022-25650,https://securityvulnerability.io/vulnerability/CVE-2022-25650,,"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.3). When querying the database, it is possible to sort the results using a protected field. With this an authenticated attacker could extract information about the contents of a protected field.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9,Mendix Applications Using Mendix 9 (v9.6)",6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2022-04-12T09:07:42.000Z,0
CVE-2022-26317,https://securityvulnerability.io/vulnerability/CVE-2022-26317,,"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29). When returning the result of a completed Microflow execution call, the affected framework does not correctly verify if the request was initially made by the user requesting the result. Together with predictable identifiers for Microflow execution calls, this could allow a malicious attacker to retrieve information about arbitrary Microflow execution calls made by users within the affected system.",Siemens,Mendix Applications Using Mendix 7,6.5,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2022-03-08T11:31:37.000Z,0
CVE-2021-42015,https://securityvulnerability.io/vulnerability/CVE-2021-42015,,"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,false,false,2021-11-09T11:32:14.000Z,0
CVE-2021-33718,https://securityvulnerability.io/vulnerability/CVE-2021-33718,,"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). Write access checks of attributes of an object could be bypassed if the user has write permissions to the first attribute of this object.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9",5.3,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-07-13T11:03:06.000Z,0
CVE-2021-27394,https://securityvulnerability.io/vulnerability/CVE-2021-27394,,"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 8 (v8.12),Mendix Applications Using Mendix 8 (v8.6),Mendix Applications Using Mendix 9",8.8,HIGH,0.0010400000028312206,false,,false,false,false,,false,false,2021-04-16T20:00:14.000Z,0