13 matches found

Snyk · added 2026/04/24 4:31 p.m. · 1 view

Insufficient Verification of Data Authenticity

Overview: Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

CVSS 10 · AI score 5.5 · EPSS 0.00025
Exploits 1 · References 2
NVD · added 2026/02/09 9:15 p.m. · 2 views

CVE-2026-25806

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the GET /api/students/:email, PUT /api/students/:email/status, and DELETE /api/students/:email routes in backend/src/routes/student.routes.ts only enforce authentication using authenticateToken but do...

CVSS 6.5 · EPSS 0.0007
Exploits 0 · References 1
Positive Technologies · added 2026/02/09 12:00 a.m. · 4 views

PT-2026-7154

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the GET /api/students/:email, PUT /api/students/:email/status, and DELETE /api/students/:email routes in backend/src/routes/student.routes.ts only enforce authentication using authenticateToken but do...

CVSS 5.3 · AI score 5.5 · EPSS 0.0007
Exploits 0 · References 2
Snyk · added 2025/09/09 9:31 a.m. · 2 views

Missing Authorization

Overview: typo3/cms-workspaces is a TYPO3 component for workflows with custom stages and versioning, for a better editing and publishing experience. Affected versions of this package are vulnerable to Missing Authorization due to inconsistent checks in the backend routing. An attacker can gain...

CVSS 8.8 · AI score 6.6 · EPSS 0.001
Exploits 0 · References 2
Snyk · added 2025/09/09 9:31 a.m. · 3 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization due to inconsistent checks in the backend routing. An attacker can gain unauthorized access to backend AJAX routes by directly invoking them without proper permissions. Note: Additional fixed versions are available...

CVSS 8.8 · AI score 6.7 · EPSS 0.001
Exploits 0 · References 2
Snyk · added 2025/09/09 9:31 a.m. · 1 view

Missing Authorization

Overview: typo3/cms-recycler is a TYPO3 component to restore deleted records or remove them from the database permanently. Affected versions of this package are vulnerable to Missing Authorization due to inconsistent checks in the backend routing. An attacker can gain unauthorized access to backen...

CVSS 8.8 · AI score 6.6 · EPSS 0.001
Exploits 0 · References 2
Snyk · added 2025/09/09 9:31 a.m. · 1 view

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization due to inconsistent checks in the backend routing. An attacker can gain unauthorized access to backend AJAX routes by directly invoking them without proper permissions. Note: Additional fixed versions are available...

CVSS 8.8 · AI score 6.7 · EPSS 0.001
Exploits 0 · References 2
Cvelist · added 2025/09/09 9:01 a.m. · 5 views

CVE-2025-59017 Broken Access Control in Backend AJAX Routes

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules...

CVSS 5.3 · EPSS 0.001
Exploits 0 · References 1
Vulnrichment · added 2025/09/09 9:01 a.m. · 1 view

CVE-2025-59017 Broken Access Control in Backend AJAX Routes

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules...

CVSS 5.3 · AI score 6.4 · EPSS 0.001
Exploits 0 · References 1
Positive Technologies · added 2025/09/09 12:00 a.m. · 2 views

PT-2025-36693

Name of the Vulnerable Software and Affected Versions:
TYPO3 CMS versions 9.0.0 through 9.5.54
TYPO3 CMS versions 10.0.0 through 10.4.53
TYPO3 CMS versions 11.0.0 through 11.5.47
TYPO3 CMS versions 12.0.0 through 12.4.36
TYPO3 CMS versions 13.0.0 through 13.4.17
Description: The Backend Routing...

CVSS 8.8 · AI score 6.1 · EPSS 0.001
Exploits 0 · References 12
CVE · added 2024/06/06 6:39 p.m. · 52 views

CVE-2024-4851

The CVE-2024-4851 entry concerns stangirard/quivr v0.0.204 with a Server-Side Request Forgery in the crawl endpoint. The issue arises from the url parameter allowing requests to arbitrary URLs, enabling SSRF to access internal networks via backend/routes/crawl_routes.py (crawl_endpoint). The haza...

CVSS 7.7 · AI score 7.6 · EPSS 0.00142
Exploits 1 · References 1 · Affected Software 1
Cvelist · added 2024/06/06 6:39 p.m. · 19 views

CVE-2024-4851 SSRF Vulnerability in stangirard/quivr

A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint, where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...

CVSS 7.7 · EPSS 0.00142
Exploits 1 · References 1
Drupal · added 2016/08/17 12:00 a.m. · 9 views

Panels - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-047

Panels does not check access on some routes (Critical). Panels allows users with certain permissions to modify the layout and panel panes on pages or entities utilizing Panels. Much of the functionality to modify these panels relies on backend routes that call administrative forms. These forms did not...

AI score 6.8
Exploits 0 · References 16