VYPR
Vendor

Camunda

Products
2
CVEs
2
Across products
2
Status
Private

Products

2

Recent CVEs

2
  • CVE-2024-51577MedNov 10, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in neville.lugton bpmn.io bpmnio allows Stored XSS.This issue affects bpmn.io: from n/a through <= 1.0.

  • CVE-2021-28154Mar 11, 2021
    risk 0.00cvss epss 0.01

    Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states "The way we secured…