492 matches found

CVE
added 2025/12/19 4:24 p.m., 13 views

CVE-2025-58052

CVE-2025-58052 affects the Galette web application (non-profit membership manager). From version 0.9.6 through 1.1.x, attackers with a group manager role can bypass access controls, enabling unauthorized access and changes despite RBAC. The issue requires privileged access initially, limiting exp...

CVSS 8.1, AI score 6.3, EPSS 0.00271
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2025/12/19 4:24 p.m., 5 views

CVE-2025-58052 Galette has groups managers access control bypass on Members

Galette is a membership management web application for non-profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with the group manager role can bypass intended restrictions, allowing unauthorized access and changes despite role-based controls. Since it requires...

CVSS 5.3, AI score 6.7, EPSS 0.00271
Exploits: 1, References: 3
Vulnrichment
added 2025/12/19 3:10 p.m., 3 views

CVE-2025-53922 Galette has access control bypass

Galette is a membership management web application for non-profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue...

CVSS 5.3, AI score 6.3, EPSS 0.00202
Exploits: 0, References: 1
EUVD
added 2025/12/19 3:10 p.m., 4 views

EUVD-2025-204544

Galette is a membership management web application for non-profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue...

CVSS 5.3, AI score 6.2, EPSS 0.00202
Exploits: 0, References: 1
Vulnrichment
added 2025/12/16 12:46 a.m., 2 views

CVE-2025-67751 ChurchCRM has SQL Injection in Event Editor via `EN_tyid` Parameter caused by an Incomplete Fix

ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the EventEditor.php file. When creating a new event and selecting an event type, the `EN_tyid` POST parameter is not sanitized. This allows an authenticated user with event managemen...

CVSS 7.2, AI score 7.8, EPSS 0.00347
Exploits: 1, References: 2
Positive Technologies
added 2025/12/16 12:00 a.m., 6 views

PT-2025-51357

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 6.5.0. Description: A SQL injection issue exists in the EventEditor.php file of ChurchCRM. The `EN_tyid` POST parameter, used when creating a new event and selecting an event type, is not properly sanitized. This allows...

CVSS 7.2, AI score 7.9, EPSS 0.00347
Exploits: 1, References: 7
Packet Storm News
added 2025/11/25 12:00 a.m., 3 views

A Reality Check on SBOM-Based Vulnerability Management: An Empirical Study and a Path Forward

The Software Bill of Materials (SBOM) is a critical tool for securing the software supply chain (SSC), but its practical utility is undermined by inaccuracies in both its generation and its application in vulnerability scanning. This paper presents a large-scale empirical study on 2,414 open-source...

AI score 7
Exploits: 0
EUVD
added 2025/11/20 9:30 p.m., 5 views

EUVD-2025-198335

Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions makes a stored XSS attack possible for a logged-in manager user...

CVSS 3.5, AI score 4.1, EPSS 0.00312
Exploits: 1, References: 2
OSSF Malicious Packages
added 2025/11/12 4:29 a.m., 3 views

Malicious code in perseus-procyon-hugo-ophiuchus (npm)

Per source details. Source: amazon-inspector (87cbc891ef57a039f013ea6cf1f8543491dfaf10476bd98ffc8f915a00739772). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts (auto.js,...

AI score 6.9
Exploits: 0
Hacker One
added 2025/10/27 5:29 p.m., 10 views

Revive Adserver: IDOR Vulnerability in Banner Deletion

Summary: I found an IDOR vulnerability in Revive Adserver's banner deletion endpoint that lets any Manager delete banners belonging to other Managers. The code validates access to the parent campaign but doesn't check if the user owns the specific banner being deleted. This means Manager A can...

CVSS 7.1, AI score 7.3, EPSS 0.00275
Exploits: 1
CERT
added 2025/10/17 12:00 a.m., 6 views

Multiple Password Managers Vulnerable to Clickjacking Attacks

Overview: Browser-extension password managers, which autofill sensitive information on websites, can be exposed to various clickjacking attacks. These attacks exploit the trust relationship between a web page and the user-interface elements injected by the extension. Recent studies show that...

AI score 6.4
Exploits: 0, References: 5
Packet Storm News
added 2025/10/15 12:00 a.m., 8 views

How Blind and Low-Vision Users Manage Their Passwords

Managing passwords securely and conveniently is still an open problem for many users. Existing research has examined users' password management strategies and identified pain points, such as security concerns, leading to insecure practices. We investigate how Blind and Low-Vision (BLV) users tackle...

AI score 6.9
Exploits: 0
SUSE Linux
added 2025/10/14 1:15 p.m., 2 views

Security update for python-urllib3

This update for python-urllib3 fixes the following issues: CVE-2025-50181: Pool managers now properly control redirects when retries is passed (bsc#1244925). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 6, AI score 7.1, EPSS 0.004
Exploits: 1, References: 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-7549

Malware in sbrugna...

CVSS 9, AI score 8.8, EPSS 0.03623
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2016-7550

Malware in sbrugna...

CVSS 10, AI score 9.5, EPSS 0.04868
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2016-9483

Malware in sbrugna...

CVSS 4.3, AI score 5, EPSS 0.00684
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2021-0192

Malware in sbrugna...

CVSS 4.3, AI score 4.5, EPSS 0.00992
Exploits: 0, References: 7
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-3698

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.8, EPSS 0.01304
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-12519

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.3, EPSS 0.00816
Exploits: 0, References: 6
EUVD
added 2025/10/03 8:07 p.m., 18 views

EUVD-2025-19410

Malicious code in bioql PyPI...

CVSS 2.9, AI score 6.3, EPSS 0.00157
Exploits: 0, References: 6