Lucene search

5 matches found

Positive Technologies
added 2026/05/19 12:0 a.m., 8 views

PT-2026-42014

Name of the Vulnerable Software and Affected Versions: CtrlPanel versions prior to 1.2.0. Description: Multiple admin controllers expose DataTable endpoints that lack authorization checks. This allows any authenticated user, regardless of their assigned role, to access sensitive administrative data...

CVSS 6.5, AI score 5.8, EPSS 0.0028
Exploits: 0, References: 6
EUVD
added 2025/12/19 4:24 p.m., 3 views

EUVD-2025-204570

Galette is a membership management web application for non-profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with the group manager role can bypass intended restrictions, allowing unauthorized access and changes despite role-based controls. Since it requires...

CVSS 5.3, AI score 6.2, EPSS 0.00271
Exploits: 1, References: 1
Vulnrichment
added 2024/12/05 10:8 p.m., 11 views

CVE-2024-54140 sigstore-java has a vulnerability with bundle verification

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...

CVSS 2.1, AI score 7, EPSS 0.00205
Exploits: 0, References: 3
Prion
added 2023/02/14 6:15 p.m., 12 views

Memory corruption

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if...

CVSS 6.4, AI score 8, EPSS 0.01959
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2020/09/18 5:55 p.m., 13 views

CVE-2020-15181 Admin account takeover in Alfresco Reset Password

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can gain admin access to the system through this vulnerability. It impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0...

CVSS 9.3, AI score 9.3, EPSS 0.01423
Exploits: 0, References: 2