4 matches found

CVE
added 2026/03/31 8:31 p.m., 6 views

CVE-2026-34381

Admidio versions 5.0.0–5.0.7 rely on adm_my_files/.htaccess to deny direct access, but the Docker image uses AllowOverride None, so Apache ignores .htaccess. This allows unauthenticated HTTP access to uploaded documents if the path is known; the path is disclosed in the upload response JSON. The ...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00054
Exploits: 1, References: 2, Affected Software: 1
CNNVD
added 2026/01/08 12:0 a.m., 4 views

Spree security vulnerability

Spree is an open source shopping mall using Ruby on Rails for individual developers. A security vulnerability exists in Spree versions prior to 4.10.2, 5.0.7, 5.1.9, and 5.2.5, which stems from an insecure direct object reference by an authenticated user that could lead to obtaining other users'...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00009
Exploits: 1, References: 6
EUVD
added 2025/12/24 3:30 p.m., 2 views

EUVD-2025-205197

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spiffy Calendar: from n/a through <= 5.0.7...

CVSS: 8.1, AI score: 6.5, EPSS: 0.00041
Exploits: 0, References: 2
OSV
added 2024/07/10 5:15 a.m., 1 views

PYSEC-2024-57

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00165
Exploits: 0, References: 4