EUVD-2025-15867
Malicious code in bioql PyPI...
PT-2025-34840 · Unknown · Macrozheng Mall
Name of the Vulnerable Software and Affected Versions: macrozheng mall versions up to 1.0.3 Description: A flaw exists in the Registration component of the software, impacting an unknown function. This issue results in weak password requirements, potentially allowing unauthorized access. The atta...
CVE-2025-48391
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API...
CVE-2025-48391
CVE-2025-48391 affects JetBrains YouTrack before 2025.1.76253. The root cause is missing permission checks in the API, enabling deletion of issues. Connected sources (PT-2025-22284, CNVD-2025-11397, Red Hat CVE, NVD) corroborate the same impact and affected version range. Practical impact is dele...
JetBrains YouTrack Access Control Error Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. JetBrains YouTrack suffers from an Access Control Error vulnerability that stems from a lack...
PT-2025-22284 · Jetbrains · Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2025.1.76253 Description: The issue is related to missing permission checks in the API, which allowed deletion of issues. Recommendations: For versions prior to 2025.1.76253, update to version 2025.1.76253...
Cross-Site Request Forgery (CSRF) in alanaktion/phproject
✍️ Description An attacker is able to delete any issue with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or an attacker knows the IP address or hostname of your application. In CSRF attacks i...
Asked to re-authenticate to delete issue
/jira/secure/DeleteIssue!default.jspa?id=10012 Everything seems to work OK, but I try to delete a previously existing issue and I get redirected to the URL above. Instead of a delete issue page, I get a login page, only it looks messed up - it's the login form table miniwindow except spread 100%...