10 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2021-8710

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.9 · EPSS 0.00112
Exploits 0 · References 1

OSV
added 2025/07/30 3:15 p.m. · 1 views

UBUNTU-CVE-2025-53113

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch...

CVSS 2.7 · AI score 5.8 · EPSS 0.002
Exploits 0 · References 3

OSV
added 2025/02/19 5:46 p.m. · 1 views

GHSA-99VM-5V2H-H6R6 Directus allows updates to non-allowed fields due to overlapping policies

Summary If there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is allowed to update the superset of fields allowed by any of the policies. E.g. have one policy...

CVSS 5.4 · AI score 5.9 · EPSS 0.00172
Exploits 0 · References 5

Github Security Blog
added 2025/02/19 5:46 p.m. · 15 views

Directus allows updates to non-allowed fields due to overlapping policies

Summary If there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is allowed to update the superset of fields allowed by any of the policies. E.g. have one policy...

CVSS 5.4 · AI score 6.9 · EPSS 0.00172
Exploits 0 · References 5 · Affected Software 2

Github Security Blog
added 2022/05/24 5:44 p.m. · 38 views

Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items

Items like jobs can be organized hierarchically in Jenkins, using the Folders Plugin or something similar. An item is expected to be accessible only if all its ancestors are accessible as well. Matrix Authorization Strategy Plugin 2.6.5 and earlier does not correctly perform permission checks to...

CVSS 6.5 · AI score 3 · EPSS 0.001
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2021/03/18 12:0 a.m. · 4 views

PT-2021-14667 · Oracle +1 · Java +1

Name of the Vulnerable Software and Affected Versions: Jenkins Role-based Authorization Strategy Plugin versions 3.1 and earlier Description: The issue arises from an incorrect permission check, allowing attackers with Item/Read permission on nested items to access them even if they lack Item/Rea...

CVSS 4.3 · AI score 4.3 · EPSS 0.00031
Exploits 0 · References 7

OSV
added 2020/02/19 4:43 p.m. · 1 views

GHSA-MXHP-79QH-MCX6 TaffyDB can allow access to any data items in the DB

TaffyDB allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. Taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properti...

CVSS 7.5 · AI score 7 · EPSS 0.00394
Exploits 1 · References 4

CNVD
added 2019/09/10 12:0 a.m. · 1 views

Limesurvey Menu Item Access Vulnerability

limesurvey is an open source online questionnaire program with many functions such as questionnaire design, modification, release, recovery and statistics. A menu item access vulnerability exists in Limesurvey versions prior to 3.17.14. An attacker can use this vulnerability to view, update, or...

CVSS 7.2 · AI score 6.9 · EPSS 0.00297
Exploits 0 · References 1

OSV
added 2017/11/27 7:29 p.m. · 15 views

CVE-2017-15055

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments o...

CVSS 8.1 · AI score 7
Exploits 0 · References 2

NVD
added 2017/11/27 7:29 p.m. · 14 views

CVE-2017-15055

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments o...

CVSS 8.1 · AI score 8.1 · EPSS 0.00341
Exploits 1 · References 2