cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-23835,https://securityvulnerability.io/vulnerability/CVE-2023-23835,XPath Bypass Vulnerability in Mendix Applications,"A security issue has been discovered in Mendix Applications that enables unauthorized access to sensitive data through the exploitation of their runtime APIs. Attackers can bypass established XPath constraints, allowing them to execute error-triggering XPath queries. This issue affects multiple versions of Mendix 7, 8, and 9, potentially leading to unauthorized information retrieval and posing significant security risks for applications built on this platform.",Siemens,"Mendix Applications using Mendix 7,Mendix Applications using Mendix 8,Mendix Applications using Mendix 9,Mendix Applications using Mendix 9 (V9.12),Mendix Applications using Mendix 9 (V9.18),Mendix Applications using Mendix 9 (V9.6)",7.5,HIGH,0.001230000052601099,false,,false,false,false,,false,false,2023-02-14T11:15:00.000Z,0
CVE-2022-34466,https://securityvulnerability.io/vulnerability/CVE-2022-34466,Expression Injection Vulnerability in Mendix Runtime Applications,"An expression injection vulnerability has been found in the Workflow subsystem of Mendix Runtime, which affects various versions of Mendix 9 applications. This vulnerability may allow malicious users to exploit specific configurations, potentially leading to sensitive information leakage. Application developers must ensure that they apply the latest updates to protect their systems from such threats.",Siemens,"Mendix Applications Using Mendix 9,Mendix Applications Using Mendix 9 (v9.12)",6.5,MEDIUM,0.0009200000204145908,false,,false,false,false,,false,false,2022-07-12T10:07:22.000Z,0
CVE-2022-31257,https://securityvulnerability.io/vulnerability/CVE-2022-31257,Password Bypass Vulnerability in Mendix Applications by Mendix,"A vulnerability exists in Mendix applications that could allow an attacker with access to an active user session to bypass password validation. This flaw affects multiple versions of Mendix 7, 8, and 9, enabling the attacker to potentially set weak passwords, compromising user security. Organizations using the affected versions should take immediate measures to update their applications to mitigate this risk.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9,Mendix Applications Using Mendix 9 (v9.12),Mendix Applications Using Mendix 9 (v9.6)",7.5,HIGH,0.0007300000288523734,false,,false,false,false,,false,false,2022-07-12T10:06:43.000Z,0