sherparpa CVE Vulnerabilities & CVE List (4)

Products (CPE): — CVEs: 4

sherparpa vulnerability overview

Aggregates CVE and security vulnerability intelligence across all sherparpa-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk sql injection, vendor risk cross-site scripting, and vendor risk csrf and related problems; some flaws may lead to vendor impact session compromise and vendor impact data exposure.

Vulnerability distribution trend (last 24 months)

Showing 14 of 4 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-46547 In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue. [email protected] 5.4 0.14% 2025-04-24 2026-06-17
CVE-2025-46546 In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/. [email protected] 3.5 0.33% 2025-04-24 2026-06-17
CVE-2025-46545 In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires. [email protected] 4.4 0.23% 2025-04-24 2026-06-17
CVE-2025-46544 In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles. [email protected] 6.4 0.23% 2025-04-24 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence