CVE-2025-57758 Contao has improper access control in the back end voters
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying...
CVE-2025-57758
Contao CMS vulnerability CVE-2025-57758 affects Contao Core (versions from 5.0.0 up to, but not including, 5.3.38 and 5.6.1). The back-end table access voter fails to verify whether a user is allowed to access the target module, enabling improper access control. Patches are implemented in Contao ...
GHSA-7M47-R75R-CX8V Contao applies improper access control in the back end voters
Impact The table access voter in the back end doesn't check if a user is allowed to access the corresponding module. Patches Update to Contao 5.3.38 or 5.6.1. Workarounds Do not rely solely on the voter and additionally check USER_CAN_ACCESS_MODULE. For more information If you have any questions or...
PT-2025-35104
Name of the Vulnerable Software and Affected Versions: Contao versions 5.0.0 through 5.3.37 Contao version 5.6.0 Description: The table access voter in the back end does not verify if a user has permission to access the corresponding module. As a workaround, do not solely rely on t...
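The workaround named in the two Contao entries above (check module access in addition to the table access voter), as an added example that is not Contao's own code. It assumes Contao 5 with Symfony's Security service and the ContaoCorePermissions constants; the class name BackendTableGuard, its method names, and the article / tl_article pairing used in the usage comment are hypothetical.

```php
<?php
// Added example, not code from the Contao project. It applies the advisory's
// workaround: do not rely on the back-end table access voter alone, because in
// Contao >= 5.0.0 and < 5.3.38 / 5.6.1 the voter grants access to a table
// without checking that the user may open the module the table belongs to.
// The service name, method names and the module/table pairing are hypothetical.

declare(strict_types=1);

namespace App\Security;

use Contao\CoreBundle\Security\ContaoCorePermissions;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

final class BackendTableGuard
{
    public function __construct(private readonly Security $security)
    {
    }

    /**
     * Returns true only if the current back-end user may both open the given
     * module (tl_user.modules / tl_user_group.modules) and edit the table.
     *
     * @param string $module back-end module name, e.g. "article"
     * @param string $table  data container table, e.g. "tl_article"
     */
    public function canEditTable(string $module, string $table): bool
    {
        // Module permission: the check the vulnerable voter skips.
        $moduleOk = $this->security->isGranted(
            ContaoCorePermissions::USER_CAN_ACCESS_MODULE,
            $module
        );

        // Table permission: what the voter already decides on its own.
        $tableOk = $this->security->isGranted(
            ContaoCorePermissions::USER_CAN_EDIT_FIELDS_OF_TABLE,
            $table
        );

        // Both must hold; a user who may edit the table but may not open the
        // module is exactly the case the unpatched voter lets through.
        return $moduleOk && $tableOk;
    }

    /** Controller helper: deny with an AccessDeniedException instead of returning false. */
    public function denyUnlessCanEditTable(string $module, string $table): void
    {
        if (!$this->canEditTable($module, $table)) {
            throw new AccessDeniedException(sprintf(
                'Access to table "%s" requires the "%s" back-end module.',
                $table,
                $module
            ));
        }
    }
}

// Usage in a custom back-end controller action (hypothetical pairing):
//   $this->guard->denyUnlessCanEditTable('article', 'tl_article');
```

The caller is responsible for naming the module that owns the table; the guard cannot derive that mapping itself, which is why the unpatched voter, which only sees the table, was insufficient.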
CVE-2013-1859
The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors...
NIH BRICS security vulnerability
NIH BRICS is a biomedical research informatics computing system at NIH centers. A security vulnerability exists in NIH BRICS version 14.0.0-67 and prior versions that originates from direct access to a known endpoint and could lead to unauthorized module access...
PT-2025-17677 · Nih · Nih Brics
Name of the Vulnerable Software and Affected Versions: NIH BRICS aka Biomedical Research Informatics Computing System versions 14.0.0-67 and earlier Description: The issue allows users without the InET role to access the InET module by making direct requests to known endpoints. Recommendations: F...
PT-2025-2534
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.74 Description: A vulnerability has been resolved in the Linux kernel in the net: wwan: t7xx driver, fixed by the commit "net: wwan: t7xx: Fix FSM command timeout issue". When the driver processes an internal state chan...
BIT-NODE-MIN-2023-30581
The use of __proto__ in process.mainModule.__proto__.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and v20. Please note that at the time...
PT-2024-8764 · M Files · M-Files Server
Name of the Vulnerable Software and Affected Versions: M-Files Server versions prior to 24.11 Description: The issue is related to weaknesses in the authentication procedure of the M-Files Server platform, which can be exploited by a remote attacker to bypass authentication and elevate privileges...
PT-2024-26495 · Vmir · Vmir
Name of the Vulnerable Software and Affected Versions: vmir version e8117 Description: A stack overflow issue was discovered in the init_local_vars function in /src/vmir_wasm_parser.c. This issue affects the vmir software, allowing for potential exploitation. Recommendations: For version e8117,...
PT-2024-36895
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified Description: A vulnerability has been resolved in the Linux kernel related to the scsi: hisi_sas driver. The issue occurs when the dump is triggered while the driver is being unbound, causing a hang due to ...
PT-2024-7191
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.10.8 Description: The issue is related to a negative array index read in the Linux kernel, specifically in the drm/amd/pm module. The problem arises from using negative values of clk_idex as an index into an...
PT-2024-21157 · Unknown · Cd Custom Fields 4 Orders
Name of the Vulnerable Software and Affected Versions: CD Custom Fields 4 Orders version 1.0.0 and earlier Description: A SQL injection issue exists, allowing a guest to perform malicious actions. Recommendations: For versions 1.0.0 and earlier, update to a version later than 1.0.0 to resolve the...
PT-2023-19325 · Woorockets · Woorockets Corsa
Name of the Vulnerable Software and Affected Versions: WooRockets Corsa versions 1.5 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability. This allows for the upload of files with potentially dangerous types, which could lead to securit...
CVE-2023-30581
The use of __proto__ in process.mainModule.__proto__.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and v20. Please note that at the time...
CVE-2023-43664 Employee without any access rights can list all installed modules in Prestashop
PrestaShop is an Open Source e-commerce web application. In the PrestaShop back office interface, an employee can list all modules without any access rights: the method ajaxProcessGetPossibleHookingListForModule doesn't check access rights. This issue has been addressed in commit 15bd281c which is...
GHSA-GVRG-62JP-RF7J PrestaShop allows employee without any access rights to list all installed modules
Impact In BO, an employee can list all modules without any access rights: method ajaxProcessGetPossibleHookingListForModule doesn't check access rights Patches Fixed on 8.1.2 Workarounds References...
PT-2023-28017 · Grupposcai · Grupposcai Realgimm
Name of the Vulnerable Software and Affected Versions: GruppoSCAI RealGimm version 1.1.37p38 Description: The issue is related to an arbitrary file upload vulnerability in the Gestione Documentale module, which allows attackers to execute arbitrary code by uploading a crafted file. Recommendation...