
27 matches found

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-52176

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.5 · EPSS 0.00257
Exploits 0 · References 4

OSV
added 2025/08/29 9:40 p.m. · 2 views

CVE-2025-58156 Centurion ERP users can view hashed authentication tokens that belong to other users

Centurion ERP is an ERP with a focus on ITSM and automation. In versions starting from 1.12.0 to before 1.21.0, an authenticated user can view all authentication token details within the database. This includes the actual token, although only the hashed token. This does not include any un-hashed...

CVSS 1.9 · AI score 6.7 · EPSS 0.00044
Exploits 0 · References 5

CVE
added 2025/08/29 9:40 p.m. · 13 views

CVE-2025-58156

CVE-2025-58156 (Centurion ERP) affects Centurion ERP versions 1.12.0 to before 1.21.0. An authenticated user could view token details in the database, including the actual token in hashed form (no unhashed tokens were viewable). The issue has been patched in version 1.21.0. A workaround that disa...

CVSS 4.3 · AI score 6.3 · EPSS 0.00044
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2025/08/29 9:40 p.m. · 3 views

CVE-2025-58156 Centurion ERP users can view hashed authentication tokens that belong to other users

Centurion ERP is an ERP with a focus on ITSM and automation. In versions starting from 1.12.0 to before 1.21.0, an authenticated user can view all authentication token details within the database. This includes the actual token, although only the hashed token. This does not include any un-hashed...

CVSS 1.9 · EPSS 0.00044
Exploits 0 · References 3

Vulnrichment
added 2025/08/29 9:40 p.m. · 1 view

CVE-2025-58156 Centurion ERP users can view hashed authentication tokens that belong to other users

Centurion ERP is an ERP with a focus on ITSM and automation. In versions starting from 1.12.0 to before 1.21.0, an authenticated user can view all authentication token details within the database. This includes the actual token, although only the hashed token. This does not include any un-hashed...

CVSS 1.9 · AI score 6.3 · EPSS 0.00044
Exploits 0 · References 3

CNNVD
added 2025/08/29 12:00 a.m. · 1 view

Centurion ERP authorization issue vulnerability

Centurion ERP is an open source management system from No Fuss Computing. An authorization issue vulnerability exists in Centurion ERP versions prior to 1.12.0 through 1.21.0, which stems from an improperly viewed authentication token that could lead to information disclosure...

CVSS 4.3 · AI score 6.5 · EPSS 0.00044
Exploits 0 · References 5

RedhatCVE
added 2025/05/23 10:41 a.m. · 5 views

CVE-2024-49373

No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not a part of. Version 1.2.1 fixes the problem...

CVSS 4.3 · AI score 6.7 · EPSS 0.00568
Exploits 0

RedhatCVE
added 2025/05/23 7:14 a.m. · 4 views

CVE-2024-53855

Centurion ERP (Enterprise Resource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket can view the tickets of another organization they...

CVSS 4.3 · AI score 6.6 · EPSS 0.00257
Exploits 0 · References 1

NVD
added 2024/11/27 7:15 p.m. · 17 views

CVE-2024-53855

Centurion ERP (Enterprise Resource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket can view the tickets of another organization they...

CVSS 4.3 · EPSS 0.00257
Exploits 0 · References 4

Cvelist
added 2024/11/27 6:27 p.m. · 18 views

CVE-2024-53855 User can view tickets from organizations they're not a part of in centurion_erp

Centurion ERP (Enterprise Resource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket can view the tickets of another organization they...

CVSS 1.9 · EPSS 0.00257
Exploits 0 · References 4

Vulnrichment
added 2024/11/27 6:27 p.m. · 17 views

CVE-2024-53855 User can view tickets from organizations they're not a part of in centurion_erp

Centurion ERP (Enterprise Resource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket can view the tickets of another organization they...

CVSS 1.9 · AI score 6.6 · EPSS 0.00257
Exploits 0 · References 4

OSV
added 2024/11/27 6:27 p.m. · 3 views

CVE-2024-53855 User can view tickets from organizations they're not a part of in centurion_erp

Centurion ERP (Enterprise Resource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket can view the tickets of another organization they...

CVSS 1.9 · AI score 6.4 · EPSS 0.00257
Exploits 0 · References 6

CVE
added 2024/11/27 6:27 p.m. · 95 views

CVE-2024-53855

Centurion ERP prior to 1.3.1 allows an authenticated user with certain ticket-view permissions (view_ticket_change, view_ticket_incident, view_ticket_request, view_ticket_problem) to view tickets belonging to other organizations when using the API endpoints for tickets. The UI and Project Tasks a...

CVSS 4.3 · AI score 6.8 · EPSS 0.00257
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2024/11/27 12:00 a.m. · 1 view

No Fuss Computing Centurion ERP security vulnerability

No Fuss Computing Centurion ERP is an open source enterprise resource planning ERP software from No Fuss Computing. A security vulnerability exists in No Fuss Computing Centurion ERP versions prior to 1.3.1, which originated when an authenticated user with work order viewing privileges could view...

CVSS 4.3 · AI score 6.3 · EPSS 0.00257
Exploits 0 · References 5

Positive Technologies
added 2024/11/27 12:00 a.m. · 3 views

PT-2024-35952 · Unknown · Centurion Erp

Name of the Vulnerable Software and Affected Versions: Centurion ERP versions prior to 1.3.1
Description: A user with view permissions for a ticket can view the tickets of another organization they are not a part of, if they have specific permissions such as view ticket change, view ticket...

CVSS 1.9 · AI score 7 · EPSS 0.00257
Exploits 0 · References 7

NVD
added 2024/10/22 4:15 p.m. · 9 views

CVE-2024-49373

No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not a part of. Version 1.2.1 fixes the problem...

CVSS 4.3 · EPSS 0.00568
Exploits 0 · References 3

Vulnrichment
added 2024/10/22 3:58 p.m. · 12 views

CVE-2024-49373 Centurion ERP user can view projects from organizations they're not a part of

No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not a part of. Version 1.2.1 fixes the problem...

CVSS 4.1 · AI score 6.9 · EPSS 0.00568
Exploits 0 · References 3

OSV
added 2024/10/22 3:58 p.m. · 8 views

CVE-2024-49373 Centurion ERP user can view projects from organizations they're not a part of

No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not a part of. Version 1.2.1 fixes the problem...

CVSS 4.1 · AI score 6.7 · EPSS 0.00568
Exploits 0 · References 5

Cvelist
added 2024/10/22 3:58 p.m. · 13 views

CVE-2024-49373 Centurion ERP user can view projects from organizations they're not a part of

No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not a part of. Version 1.2.1 fixes the problem...

CVSS 4.1 · EPSS 0.00568
Exploits 0 · References 3

CVE
added 2024/10/22 3:58 p.m. · 37 views

CVE-2024-49373

CVE-2024-49373 affects No Fuss Computing Centurion ERP. Prior to version 1.2.1, an authenticated user can view projects within organizations they do not belong to. The issue is fixed in version 1.2.1. Affected: Centurion ERP (No Fuss Computing); Root cause: exposed access to cross-organization pr...

CVSS 4.3 · AI score 4.3 · EPSS 0.00568
Exploits 0 · References 3 · Affected Software 1