CVE-2026-25519
OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...
CVE-2026-25519 OpenSlides has incorrect access control vulnerability in authentication service
OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...
EUVD-2026-5342
OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...
CVE-2026-25519
OpenSlides prior to version 4.2.29 contains an incorrect access control in the authentication flow for users synced via an external IDP (SAML). Specifically, an attacker can log in using the local login form with the OpenSlides username of a SAML user and a trivial password, with the known passwo...
CVE-2026-25519
OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...
CVE-2026-25519 OpenSlides has incorrect access control vulnerability in authentication service
OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...
OpenSlides Access Control Error Vulnerability
OpenSlides is an open-source, free web-based system for presentations and meetings. It is used to manage meeting agendas, motions, and votes. Versions of OpenSlides prior to 4.2.29 had a security vulnerability related to access control. This vulnerability stemmed from improper access control duri...
PT-2026-6309
Name of the Vulnerable Software and Affected Versions: OpenSlides versions prior to 4.2.29. Description: OpenSlides is a web-based presentation and assembly system. Prior to version 4.2.29, a flaw exists in access control for users synchronized via an external IDP, allowing local logins with a trivi...
EUVD-2020-0123
Malware in sbrugna...
EUVD-2025-7266
Malicious code in bioql PyPI...
EUVD-2024-0129
Malicious code in bioql PyPI...
EUVD-2025-7271
Malicious code in bioql PyPI...
EUVD-2025-7268
Malicious code in bioql PyPI...
EUVD-2025-7267
Malicious code in bioql PyPI...
CVE-2024-22892
OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords...
CVE-2024-22893
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...
CVE-2025-30343
A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file o...
CVE-2025-30345
An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chatgroup.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when...
CVE-2025-30344
An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the password e.g., more than 100 milliseconds...
CVE-2025-30342
An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to insert a SCRIPT element, it is properly...