cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-23835,https://securityvulnerability.io/vulnerability/CVE-2023-23835,XPath Bypass Vulnerability in Mendix Applications,"A security issue has been discovered in Mendix Applications that enables unauthorized access to sensitive data through the exploitation of their runtime APIs. Attackers can bypass established XPath constraints, allowing them to execute error-triggering XPath queries. This issue affects multiple versions of Mendix 7, 8, and 9, potentially leading to unauthorized information retrieval and posing significant security risks for applications built on this platform.",Siemens,"Mendix Applications using Mendix 7,Mendix Applications using Mendix 8,Mendix Applications using Mendix 9,Mendix Applications using Mendix 9 (V9.12),Mendix Applications using Mendix 9 (V9.18),Mendix Applications using Mendix 9 (V9.6)",7.5,HIGH,0.001230000052601099,false,,false,false,false,,false,false,2023-02-14T11:15:00.000Z,0
CVE-2022-31257,https://securityvulnerability.io/vulnerability/CVE-2022-31257,Password Bypass Vulnerability in Mendix Applications by Mendix,"A vulnerability exists in Mendix applications that could allow an attacker with access to an active user session to bypass password validation. This flaw affects multiple versions of Mendix 7, 8, and 9, enabling the attacker to potentially set weak passwords, compromising user security. Organizations using the affected versions should take immediate measures to update their applications to mitigate this risk.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9,Mendix Applications Using Mendix 9 (v9.12),Mendix Applications Using Mendix 9 (v9.6)",7.5,HIGH,0.0007300000288523734,false,,false,false,false,,false,false,2022-07-12T10:06:43.000Z,0
CVE-2022-27241,https://securityvulnerability.io/vulnerability/CVE-2022-27241,,"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9,Mendix Applications Using Mendix 9 (v9.6)",7.5,HIGH,0.003470000112429261,false,,false,false,false,,false,false,2022-04-12T09:08:00.000Z,0
CVE-2022-25650,https://securityvulnerability.io/vulnerability/CVE-2022-25650,,"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.3). When querying the database, it is possible to sort the results using a protected field. With this an authenticated attacker could extract information about the contents of a protected field.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9,Mendix Applications Using Mendix 9 (v9.6)",6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2022-04-12T09:07:42.000Z,0