5 matches found
CVE-2026-26985
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate authorization can re...
EUVD-2026-8747
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate authorization can re...
CVE-2026-26985 LORIS vulnerable to path traversal in electrophysiology_browser
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate authorization can re...
CVE-2026-26985 LORIS vulnerable to path traversal in electrophysiology_browser
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate authorization can re...
CVE-2026-26985
CVE-2026-26985 affects LORIS 24.0.0 through versions prior to 26.0.5, 27.0.2, and 28.0.0. A authenticated user with the right permissions can abuse a path traversal flaw in the electrophysiology_browser to read server configuration files that may contain hard-coded credentials, potentially enabli...