34 matches found
EUVD-2025-22653
Malicious code in bioql PyPI...
EUVD-2023-0107
Malicious code in bioql PyPI...
SUSE CVE-2025-30086
CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...
GO-2025-3826 Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor
Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
Sensitive Information Disclosure
github.com/goharbor/harbor is vulnerable to Sensitive Information Disclosure. The vulnerability is due to an ORM leak caused by improper filtering logic in the /api/v2.0/users endpoint, allowing administrators to extract password hash and salt values using the q URL parameter...
CVE-2025-30086
CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...
CVE-2025-30086
CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...
CVE-2025-30086
CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...
CVE-2025-30086
CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...
CVE-2025-30086
CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...
CVE-2025-30086
CVE-2025-30086 affects CNCF Harbor: Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 are vulnerable to an ORM leak via the /api/v2.0/users endpoint. The q URL parameter lets an administrator filter by any column and abuse password=~ to leak a user’s password hash and salt character by charact...
Possible ORM Leak Vulnerability in the Harbor
Impact Administrator users on Harbor could exploit an ORM Leak https://www.elttam.com/blog/plormbing-your-django-orm/ vulnerability that was present in the /api/v2.0/users endpoint to leak users' password hash and salt values. This vulnerability was introduced into the application because the q U...
GHSA-H27M-3QW8-3PW8 Possible ORM Leak Vulnerability in the Harbor
Impact Administrator users on Harbor could exploit an ORM Leak https://www.elttam.com/blog/plormbing-your-django-orm/ vulnerability that was present in the /api/v2.0/users endpoint to leak users' password hash and salt values. This vulnerability was introduced into the application because the q U...
PT-2025-30605 · Cncf · Cncf Harbor
Name of the Vulnerable Software and Affected Versions: CNCF Harbor versions 2.12.0 through 2.12.3 CNCF Harbor versions 2.13.0 through 2.13.0 Description: An ORM leak exists in the /api/v2.0/users endpoint, allowing administrators to potentially disclose users' password hash and salt values. The q...
CVE-2023-43791
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...
GO-2024-3153 Navidrome has Multiple SQL Injections and ORM Leak in github.com/navidrome/navidrome
Navidrome has Multiple SQL Injections and ORM Leak in github.com/navidrome/navidrome...
CVE-2024-47062
Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like password=... in the URL ORM Leak. Furthermore, the names of the parameters are not...
CVE-2024-47062
Navidrome (
CVE-2024-47062 Multiple SQL Injections and ORM Leak in navidrome
Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like password=... in the URL ORM Leak. Furthermore, the names of the parameters are not...
CVE-2024-47062 Multiple SQL Injections and ORM Leak in navidrome
Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like password=... in the URL ORM Leak. Furthermore, the names of the parameters are not...