Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sherpa vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2022-23909
There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.
Gimmal Sherpa Connector Service 2020.2.20328.2050
1 Github repository
3.5
CVSSv3
CVE-2025-46546
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll...
Sherpa Orchestrator
6.4
CVSSv3
CVE-2025-46544
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles.
Sherpa Orchestrator
4.4
CVSSv3
CVE-2025-46545
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires.
Sherpa Orchestrator
5.4
CVSSv3
CVE-2025-46547
In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.
Sherpa Orchestrator
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-48117
themovation
CVE-2025-47556
CVE-2025-4794
log injection
privilege
CVE-2025-4427
rozario
shout
CVE-2025-48138
css3 compare pricing tables for wordpress
CVE-2023-21563
malicious code
on">CVE-2025-48114
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
Vulmon