EUVD-2022-4233

Malicious code in bioql PyPI...

EUVD-2025-22595

Malicious code in bioql PyPI...

GHSA-CMM8-GW4M-26CW Withdrawn Advisory: JHipster allows privilege escalation via a modified authorities parameter

Withdrawn Advisory This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references. For more information, see https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w. Original Description JHipster before v.8.9.0 allows...

CVE-2025-43712

JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLEUSER. By manipulating the authorities...

CVE-2025-43712

Summary: CVE-2025-43712 affects JHipster before 8.9.0, where the unvalidated authorities parameter in the /api/account response can be manipulated to escalate privileges from ROLE_USER to ROLE_ADMIN, potentially exposing admin functionality. What’s affected: JHipster-generated apps prior to 8.9.0...

CVE-2017-1000221

In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role...