126 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-48884
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to...
CVE-2021-41261
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been...
CVE-2021-41260
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue...
Linux Distros Unpatched Vulnerability : CVE-2025-58052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group...
Linux Distros Unpatched Vulnerability : CVE-2025-53922
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in a...
Linux Distros Unpatched Vulnerability : CVE-2025-48076
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS...
Linux Distros Unpatched Vulnerability : CVE-2025-58053
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged...
CVE-2025-58053
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...
CVE-2025-58052
Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...
CVE-2025-53922
Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue...
CVE-2025-58052
Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...
CVE-2025-58053
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...
CVE-2025-58052
Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...
UBUNTU-CVE-2025-58052
Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...
CVE-2025-58053
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...
CVE-2025-58053 Galette has a privilege escalation vulnerability
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...
EUVD-2025-204571
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...
CVE-2025-58053 Galette has a privilege escalation vulnerability
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...
CVE-2025-58053
Summary: Galette, a membership management web app, has a privilege-escalation issue reported for versions prior to 1.2.0. Root cause (as described): An account update can be performed with a self-forged POST request that may grant higher privileges. The issue is addressed in version 1.2.0. Impact...
CVE-2025-58053 Galette has a privilege escalation vulnerability
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...