Aggregates CVE and security vulnerability intelligence across all Venki-related products, including CVSS scores, EPSS scores, and publication and update dates.

Historical issues mainly involve open redirect, cross-site scripting, and related problems; some flaws may lead to file overwrite, affecting software deployment scenarios.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-46481 | The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS. | [email protected] | 7.2 | 0.27% | 2025-01-13 | 2026-06-17 |
| CVE-2024-46480 | An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. | [email protected] | 8.4 | 0.47% | 2025-01-13 | 2026-06-17 |
| CVE-2024-46479 | Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution. | [email protected] | 9.9 | 0.80% | 2025-01-13 | 2026-06-17 |
| CVE-2020-15392 | A user enumeration flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | [email protected] | 5.3 | 1.21% | 2020-07-07 | 2026-06-16 |
| CVE-2020-15367 | Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | [email protected] | 9.8 | 1.99% | 2020-07-07 | 2026-06-16 |