Venki

venki

5 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-46481 1Venki 1Supravizio Bpm Oct 3, 2025 Jan 13, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.
CVE-2024-46480 1Venki 1Supravizio Bpm Oct 3, 2025 Jan 13, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.
CVE-2024-46479 1Venki 1Supravizio Bpm Oct 7, 2025 Jan 13, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.
CVE-2020-15392 1Venki 1Supravizio Bpm Nov 21, 2024 Jul 7, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid...Show more A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.Show less
CVE-2020-15367 1Venki 1Supravizio Bpm Nov 21, 2024 Jul 7, 2020 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page.