CVE-2025-46547 – Sherpa Orchestrator Cross-Site Request Forgery (XSS, SQL Injection) Vulnerability

April 24, 2025

CVE ID : CVE-2025-46547

Published : April 25, 2025, 3:15 a.m. | 36 minutes ago

Description : In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46546 – Sherpa Orchestrator Blind SQL Injection Vulnerability

Next Article CVE-2025-46545 – Sherpa Orchestrator Stored Cross-Site Scripting (XSS) Vulnerability

Highlights

CVE-2025-8815 – Shiro Configuration Path Traversal Vulnerability

August 10, 2025

CVE ID : CVE-2025-8815

Published : Aug. 10, 2025, 4:15 p.m. | 9 hours, 26 minutes ago

Description : A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Distribution Release: Q4OS 6.1

Learning from PHP Log to File Example

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

Package efficiency and dependency hygiene

Dmitry — The Deep Magic

Dmitry — The Deep Magic

Right way to record and share our Terminal sessions

Windows 11 Powers Up WSL: How GPU Acceleration & Kernel Upgrades Change the Game

CVE-2025-46547 – Sherpa Orchestrator Cross-Site Request Forgery (XSS, SQL Injection) Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Student Insider Threats Driving Surge in UK School Data Breaches, ICO Warns

How to Use Snapchat on Your PC or Laptop

CISA Adds 5 Actively Exploited Vulnerabilities to KEV Catalog: ASUS Routers, Craft CMS, and ConnectWise Targeted

Why the tech industry needs to stand firm on preserving end-to-end encryption

CVE-2025-5783 – PHPGurukul Employee Record Management System SQL Injection Vulnerability

CVE-2025-8815 – Shiro Configuration Path Traversal Vulnerability

Right way to record and share our Terminal sessions

Attacks on the education sector are surging: How can cyber-defenders respond?

CVE-2025-49194 – Apache Server Plaintext Authentication Exposure

CVE-2025-46547 – Sherpa Orchestrator Cross-Site Request Forgery (XSS, SQL Injection) Vulnerability

Related Posts