Lucene search

5 matches found

RedhatCVE
added 2026/02/28 1:55 a.m., 3 views

CVE-2026-25741

Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...

CVSS 7.1, AI score 5.8, EPSS 0.00018
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-2721

Malicious code in bioql PyPI...

CVSS 7.8, AI score 6.3, EPSS 0.00296
Exploits 0, References 5
Snyk
added 2024/09/18 10:6 p.m., 1 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to insufficient authentication in the upgrade flow. An attacker can bypass access restrictions and perform unauthorized actions by exploiting the unprotected upgrade logic. Remediation...

CVSS 7.8, AI score 7.2, EPSS 0.00296
Exploits 0, References 2
Snyk
added 2024/09/18 10:6 p.m., 1 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to insufficient authentication in the upgrade flow. An attacker can bypass access restrictions and perform unauthorized actions by exploiting the unprotected upgrade logic. Remediation...

CVSS 7.8, AI score 7.2, EPSS 0.00296
Exploits 0, References 2
Vulnrichment
added 2024/09/18 9:26 p.m., 17 views

CVE-2022-25770 Insufficient authentication in upgrade flow

Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable...

CVSS 7.8, AI score 7, EPSS 0.00296
Exploits 0, References 1