15 matches found
EUVD-2025-12155
Malicious code in bioql PyPI...
EUVD-2025-12152
Malicious code in bioql PyPI...
CVE-2025-27581
NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints...
CVE-2025-27580
NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 generates predictable tokens that depend on username, time, and the fixed 7Dl9dj- string and thus allows unauthenticated users with a Common Access Card CAC to escalate privileges and compromise any account, includin...
CVE-2025-27580
NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 generates predictable tokens that depend on username, time, and the fixed 7Dl9dj- string and thus allows unauthenticated users with a Common Access Card CAC to escalate privileges and compromise any account, includin...
CVE-2025-27581
NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints...
CVE-2025-27580
NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 generates predictable tokens that depend on username, time, and the fixed 7Dl9dj- string and thus allows unauthenticated users with a Common Access Card CAC to escalate privileges and compromise any account, includin...
PT-2025-17677 · Nih · Nih Brics
Name of the Vulnerable Software and Affected Versions: NIH BRICS aka Biomedical Research Informatics Computing System versions 14.0.0-67 and earlier Description: The issue allows users without the InET role to access the InET module by making direct requests to known endpoints. Recommendations: F...
CVE-2025-27581
CVE-2025-27581 affects NIH BRICS (Biomedical Research Informatics Computing System) up to version 14.0.0-67, where users lacking the InET role can access the InET module via direct requests to known endpoints. The issue originates from insufficient access controls on InET endpoints, enabling unau...
CVE-2025-27580
CVE-2025-27580 affects NIH BRICS (Biomedical Research Informatics Computing System) up to version 14.0.0-67. The issue is that token generation is predictable, depending on the user’s username, time, and a fixed string (7Dl9#dj-), which enables unauthenticated users with a CAC to escalate privile...
CVE-2025-27580
NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 generates predictable tokens that depend on username, time, and the fixed 7Dl9dj- string and thus allows unauthenticated users with a Common Access Card CAC to escalate privileges and compromise any account, includin...
CVE-2025-27581
NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints...
CVE-2025-27580
NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 generates predictable tokens that depend on username, time, and the fixed 7Dl9dj- string and thus allows unauthenticated users with a Common Access Card CAC to escalate privileges and compromise any account, includin...
CVE-2025-27581
NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints...
PT-2025-17676 · Nih · Nih Brics
Name of the Vulnerable Software and Affected Versions: NIH BRICS aka Biomedical Research Informatics Computing System versions 14.0.0 through 14.0.0-67 Description: The issue allows unauthenticated users with a Common Access Card CAC to escalate privileges and compromise any account, including...