21 matches found
EUVD-2025-7678
Malicious code in bioql PyPI...
EUVD-2022-5974
Malicious code in bioql PyPI...
CVE-2022-29773
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...
CVE-2025-25683
AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1...
CVE-2025-25683
AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1...
Files or Directories Accessible to External Parties
Overview: aleksis-core is the core of the AlekSIS framework and the official distribution (see below). It bundles functionality for all apps, and utilities for developers and administrators. Affected versions of this package are vulnerable to Files or Directories Accessible to External...
aleksis (>=2023.1.0b0 <=2023.6.0b1), aleksis-app-alsijil (>=2.0.0a3 <=2.0c7_0) +9 more potentially affected by CVE-2025-25683 via aleksis-core (>=3.0.0 <=3.0.0b3)
aleksis-core PYPI version =3.0.0, =2023.1.0b0, =2.0.0a3, =1.0.7.dev0, =2.0.0b0, =2.0.0b0, =2.0.0b0, =2.0.0b0, =2.0.0a1, =1.0.0, =2.0.0b0, =2.1.0.dev1 Source cves: CVE-2025-25683 Source advisory: SNYK:PYTHON-ALEKSISCORE-9486554...
CVE-2025-25683
AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1...
CVE-2025-25683
AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1...
AlekSIS-Core security vulnerability
AlekSIS-Core is a school information system from AlekSIS, Inc. A security vulnerability exists in AlekSIS-Core versions 3.0 through 3.2.1, which stems from improperly controlled access and could result in unauthorized access to PDF files...
CVE-2025-25683
CVE-2025-25683 affects AlekSIS-Core versions 3.0–3.2.1, with an underlying Incorrect Access Control that allows unauthenticated users to access all PDF files. Exploitation details are not provided in the documents, but multiple sources confirm the vulnerability and affected ranges. Remediation (w...
Privilege Escalation
AlekSIS-Core is vulnerable to privilege escalation. Lack of disabling of the oauthrequest.client.allowedscopes field in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin allows an attacker to access the system with arbitrary scopes...
Access control issue in AlekSIS-Core
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...
GHSA-76X2-H8H3-CWJG Access control issue in AlekSIS-Core
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...
CVE-2022-29773
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...
CVE-2022-29773
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...
CVE-2022-29773
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...
Design/Logic Flaw
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...
CVE-2022-29773
AlekSIS-Core vulnerability CVE-2022-29773 exists in ClientProtectedResourceMixin of aleksis/core/util/auth_helpers.py, affecting v2.8.1 and earlier. The issue is an access-control flaw that allows attackers to access arbitrary scopes when no allowed scopes are explicitly set. This finding is supp...
PT-2022-19822 · Unknown · Aleksis-Core
Name of the Vulnerable Software and Affected Versions: AlekSIS-Core versions 2.8.1 and below. Description: An access control issue in aleksis/core/util/auth_helpers.py, specifically in the ClientProtectedResourceMixin, allows attackers to access arbitrary scopes if no allowed scopes are specifical...