EUVD-2025-7728

Malicious code in bioql PyPI...

EUVD-2025-7807

Malicious code in bioql PyPI...

CVE-2025-27792

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery CSRF were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referre...

AZL-62432 CVE-2025-27101 affecting package opal 3.10.11-13

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of t...

CVE-2025-27792

Opal CSRF protection bypass (CVE-2025-27792) affects Opal prior to v5.1.1. The issue arises because the referrer header can be dropped in CSRF requests (e.g., via ), bypassing server checks. A patch exists in version 5.1.1. Some sources indicate PoC exploitation is possible; CVSS details in the r...

CVE-2025-27101

CVE-2025-27101 — Opal filesystem copy path traversal / access control issue : Opal (OBiBa) before version 5.1.1 exposes files from a user’s directory when copying any parent directory to a folder under /temp/. This flaw allows any user (including low-privilege DataShield users) to access files th...