36 matches found
CVE-2026-56355
CVE-2026-56355 affects GNU Savannah Administration Savane up to version 3.17. The connected documents describe an authorization issue caused by using untrusted data in the authorization path. No explicit exploit vectors, impact details, or remediation/fixes are provided in the documents. Technica...
EUVD-2026-38135
GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization...
CVE-2026-56355
GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization...
EUVD-2024-24826
Malicious code in bioql PyPI...
EUVD-2024-24824
Malicious code in bioql PyPI...
CVE-2024-29399
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component...
CVE-2024-27630
Insecure Direct Object Reference IDOR in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackersdatadeletefile function...
CVE-2024-27632
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the formid in the formheader function...
CVE-2024-27631
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php...
CVE-2024-29399
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component...
CVE-2024-29399
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component...
CVE-2024-29399
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component...
PT-2024-22879 · Gnu · Gnu Savane
Name of the Vulnerable Software and Affected Versions: GNU Savane versions 3.13 and earlier Description: An issue allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the "upload.php" component. Recommendations: For GNU Savane versions 3.13 and earlier,...
GNU Savane 安全漏洞
GNU Savane is a collaborative software development management system for the US GNU community. A security vulnerability exists in GNU Savane v.3.13 and earlier versions, which stems from a vulnerability that could allow a remote attacker to execute arbitrary code and escalate privileges via a...
GNU Savane Cross-Site Request Forgery Vulnerability
GNU Savane is a collaborative software development management system for the US GNU community. GNU Savane suffers from a cross-site request forgery vulnerability that arises from a WEB application that does not adequately verify that a request is from a trusted user. No details of the vulnerabili...
GNU Savane Insecure Direct Object Reference Vulnerability
GNU Savane is a collaborative software development management system for project management, code hosting and community collaboration. GNU Savane suffers from an insecure direct object reference vulnerability that arises from an application that does not properly implement access control mechanis...
GNU Savane Elevation of Privilege Vulnerability
GNU Savane is a collaborative software development management system developed by the GNU community for project management, code hosting and community collaboration. GNU Savane suffers from an elevation of privilege vulnerability, which originates in the formid in the formheader function and can ...
Exploit for Code Injection in Gnu Savane
CVE-2024-29399 Vulnerability Details Overview In Savane v...
CVE-2024-27632
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the formid in the formheader function...
CVE-2024-27631
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php...