PT-2026-2967

This module enables allows group managers to invite people into their group. The module doesn't sufficiently check access under certain circumstances, allowing unauthorized users to access the group's content. This vulnerability is mitigated by the fact that it only occurs when certain uncommon...

Linux Distros Unpatched Vulnerability : CVE-2025-53922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in a...

CVE-2025-53922

Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue...

CVE-2025-58052

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...

UBUNTU-CVE-2025-58052

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...

EUVD-2025-204570

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...

CVE-2025-58052 Galette has groups managers access control bypass on Members

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...

CVE-2025-58052

CVE-2025-58052 affects the Galette web application (non-profit membership manager). From version 0.9.6 through 1.1.x, attackers with a group manager role can bypass access controls, enabling unauthorized access and changes despite RBAC. The issue requires privileged access initially, limiting exp...

CVE-2025-58052 Galette has groups managers access control bypass on Members

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...

EUVD-2025-204544

Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue...

CVE-2025-53922 Galette has access control bypass

Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue...

EUVD-2024-54487

Malicious code in bioql PyPI...

CVE-2025-7691 Privilege Defined With Unsafe Actions in GitLab

A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access...

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

CVE-2024-55070

CVE-2024-55070 affects hay-kot mealie v2.2.0. The vulnerability is a Broken Object Level Authorization in the component at /households/permissions, enabling group managers to edit their own permissions. Documented impact is limited to this privilege escalation vector (group managers changing thei...

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...