15 matches found
DEBIAN-CVE-2025-66423
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...
EUVD-2012-4656
Malware in sbrugna...
EUVD-2006-7181
Malware in sbrugna...
EUVD-2019-0144
Malware in sbrugna...
EUVD-2025-12742
Malicious code in bioql PyPI...
EUVD-2023-2510
Malicious code in bioql PyPI...
EUVD-2025-12743
Malicious code in bioql PyPI...
CVE-2025-48474 FreeScout Vulnerable to Insufficient Authorization
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with showonlyassignedconversations enabled can assign themselves to an arbitrary conversation from the mailbox to which they have...
CVE-2024-38370
GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16...
PT-2025-23178 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180. Description: The application incorrectly checks user access rights for conversations. Users with show only assigned conversations enabled can assign themselves to an arbitrary conversation from the mailbox ...
CVE-2025-32971
XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...
TeamPass does not properly check whether a folder is in a user's allowed folders list
TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin...
PT-2023-25395 · Tuleap · Tuleap
Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 14.9.99.63. Description: The issue occurs when switching from a project visibility that allows restricted users to Private without restricted, where restricted users that are project administrators retain their access...
CVE-2008-0807
CVE-2008-0807 affects Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, deployed in Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5. The flaw in lib/Driver/sql.php fails to properly check access rights, allowing remote authenticated use...
Gallery: Arbitrary command execution
Background: Gallery is a PHP script for maintaining online photo albums. Description: The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file exists for 30 seconds, a carefull...