CVE-2025-60427

LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...

CVE-2025-60427

LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...

CVE-2025-60427

LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...

Libretime 安全漏洞

Libretime is a radio broadcasting and automation platform. A security vulnerability exists in Libretime 3.0.0-alpha.10 and earlier versions, which stems from unvalidated role-based permissions and could lead to information disclosure...

CVE-2025-60427

LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...

CVE-2025-60427

LibreTime 3.0.0-alpha.10 (and possibly earlier) is affected by Broken Access Control. A user with the DJ role can access analytics data via the Web UI and direct API calls because the backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of statio...

EUVD-2025-35203

LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...

EUVD-2021-30592

Malicious code in bioql PyPI...

Unspecified vulnerability in libretime

Libretime is a radio broadcast and automation platform. libretime is vulnerable due to a naming function vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController. php for path manipulation. No details of the vulnerability are currently available...

CVE-2021-43685

libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function...

CVE-2021-43685

libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function...

Path traversal

libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function...

CVE-2021-43685

libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function...

CVE-2021-43685

CVE-2021-43685 affects libretime hv3.0.0-alpha.10 and is linked to a path manipulation vulnerability in ShowImageController.php (legacy module) via the rename function. Connected sources consistently describe a naming/path traversal issue in /blob/master/legacy/application/modules/rest/controller...

libretime 安全漏洞

Libretime is a radio broadcast and automation platform. libretime is vulnerable due to a naming function vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController. php for path manipulation. No details of the vulnerability are currently available...