CVE-2026-41498

Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use IsGranted'editteam' instead of IsGranted'edit', 'team', causing Symfony TeamVoter to abstain from voting. This removes entity-level ownership checks on team operations, allowing any user with th...

Public Voting Records: A Record, or an Attack Surface?

This is a whitepaper discussing a formal methodology for auditing voter-file disclosure regimes against linkage attacks...

Kimai has Missing Object-Level Authorization in the Team API

Summary The Team API endpoints use IsGranted'editteam' instead of IsGranted'edit', 'team', causing Symfony TeamVoter to abstain from voting. This removes entity-level ownership checks on team operations, allowing any user with the editteam permission to modify any team, not just teams they are...

GHSA-JV9X-W4GM-HWCM Kimai has Missing Object-Level Authorization in the Team API

Summary The Team API endpoints use IsGranted'editteam' instead of IsGranted'edit', 'team', causing Symfony TeamVoter to abstain from voting. This removes entity-level ownership checks on team operations, allowing any user with the editteam permission to modify any team, not just teams they are...

PT-2026-37123

Name of the Vulnerable Software and Affected Versions Kimai versions prior to 2.54.0 Description Team API endpoints in the TeamController.php file use the IsGranted'edit team' attribute instead of IsGranted'edit','team'. This causes the Symfony TeamVoter to abstain from voting, which removes...

As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters

In December, the Trump administration signed an executive order that neutered states' ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any constraints and consequenc...

Team Mirai and Democracy

Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai, illustrates the viability of a different way to do politics. In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to...

Ransomware Breach at University of Hawaii Cancer Center Affects 1.2M People

The University of Hawaii Cancer Centre has confirmed a massive ransomware attack affecting 1.24 million people. Sensitive data, including Social Security numbers and historical voter records dating back to 1993, was compromised...

Four Ways AI Is Being Used to Strengthen Democracies Worldwide

Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on Democracy in Strasbourg, the general expectation is that democracy will be the worse for it. We have another narrative. Yes, there are risks to democracy from A...

AI and Voter Engagement

Social media has been a familiar, even mundane, part of life for nearly two decades. It can be easy to forget it was not always that way. In 2008, social media was just emerging into the mainstream. Facebook reached 100 million users that summer. And a singular candidate was integrating social...

CVE-2025-11409

A vulnerability was detected in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument voter results in sql injection. Remote exploitation of the attack is possible. The exploit is now...

CVE-2025-11409

A vulnerability was detected in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument voter results in sql injection. Remote exploitation of the attack is possible. The exploit is now...

CVE-2025-11409 Campcodes Advanced Online Voting Management System index.php sql injection

A vulnerability was detected in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument voter results in sql injection. Remote exploitation of the attack is possible. The exploit is now...

CVE-2025-11409

CVE-2025-11409 affects Campcodes Advanced Online Voting Management System 1.0. The vulnerability is in an unknown function in /index.php where manipulating the voter parameter enables SQL injection. Remote exploitation is possible, and the exploit is public. Multiple sources corroborate the issue...

CVE-2025-11409 Campcodes Advanced Online Voting Management System index.php sql injection

A vulnerability was detected in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument voter results in sql injection. Remote exploitation of the attack is possible. The exploit is now...

EUVD-2025-32880

A vulnerability was detected in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument voter results in sql injection. Remote exploitation of the attack is possible. The exploit is now...

EUVD-2014-1222

Malware in sbrugna...

EUVD-2020-29819

Malware in sbrugna...

CampCodes Advanced Online Voting Management System SQL注入漏洞

CampCodes Advanced Online Voting Management System is an advanced online voting management system from CampCodes Philippines, Inc. A SQL injection vulnerability exists in CampCodes Advanced Online Voting Management System version 1.0, which stems from an incorrect manipulation of the parameter...

EUVD-2025-28421

Malicious code in bioql PyPI...