11 matches found
CVE-2022-26595
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI...
EUVD-2022-3778
Malicious code in bioql PyPI...
EUVD-2024-34134
Malicious code in bioql PyPI...
CVE-2022-28160
Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller...
CVE-2021-33327
The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibilit...
CVE-2025-32945
PeerTube CVE-2025-32945: A REST API flaw allows an authenticated user to add playlists to another user’s channel. The code creates the playlist with the requester as owner and sets the channel to the supplied ID without verifying ownership, enabling cross-user playlist creation. CVSS v3.1 base sc...
CVE-2024-13060
CVE-2024-13060 affects AnythingLLM Docker 1.3.1 and earlier. Affected component: the user cookie handling (cookie parameter id) that determines which profile picture is loaded. Root cause: insufficient authorization checks allow users with Default permission to access other users’ profile picture...
CVE-2024-45058
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to Administrator or...
CVE-2022-39206 CI/CD Docker Escape in OneDev
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket e.g. /var/run/docker.sock on Linux is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...
Liferay Portal and Liferay DXP does not properly check user permission
The Portlet Configuration module before 4.0.13 in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if...
Moodle Access Control Error Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an Access Control Error vulnerability that stems from a failure to adequately check a user's ability to enroll when...