3 matches found
EUVD-2025-7678
Malicious code in bioql PyPI...
aleksis (>=2023.1.0b0 <=2023.6.0b1), aleksis-app-alsijil (>=2.0.0a3 <=2.0c7_0) +9 more potentially affected by CVE-2025-25683 via aleksis-core (>=3.0.0 <=3.0.0b3)
aleksis-core PYPI version =3.0.0, =2023.1.0b0, =2.0.0a3, =1.0.7.dev0, =2.0.0b0, =2.0.0b0, =2.0.0b0, =2.0.0b0, =2.0.0a1, =1.0.0, =2.0.0b0, =2.1.0.dev1 Source cves: CVE-2025-25683 Source advisory: SNYK:PYTHON-ALEKSISCORE-9486554...
CVE-2025-25683
AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1...