4.8

CVSS4.0

CVE-2025-27141 - Metabase Enterprise Edition allows cached questions to leak data to impersonated users

Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see results…

📅 Published: Feb. 24, 2025, 10:05 p.m. 🔄 Last Modified: Feb. 28, 2025, 4:07 p.m.

10

CVSS4.0

CVE-2025-27140 - WeGIA vulnerable to OS Command Injection at endpoint 'importar_dump.php' parameter 'import' (RCE)

WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, `importar_dump.php` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. The command is basically a comm…

📅 Published: Feb. 24, 2025, 9:21 p.m. 🔄 Last Modified: Feb. 25, 2025, 2:32 p.m.

4.4

CVSS3.1

CVE-2025-27137 - Dependency-Track vulnerable to local file inclusion via custom notification templates

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the `SYSTEM_CONFIGURATION` permission to customize notification templates. Templates are evaluated using the Pebble template engin…

📅 Published: Feb. 24, 2025, 8:59 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.1

CVSS3.1

CVE-2025-26533 - SQL injection risk in course search module list filter

An SQL injection risk was identified in the module list filter within course search.

📅 Published: Feb. 24, 2025, 8:07 p.m. 🔄 Last Modified: Aug. 6, 2025, 11:57 p.m.

3.1

CVSS3.1

CVE-2025-26532 - Teachers can evade trusttext config when restoring glossary entries

Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.

📅 Published: Feb. 24, 2025, 8:05 p.m. 🔄 Last Modified: Aug. 6, 2025, 11:59 p.m.

3.1

CVSS3.1

CVE-2025-26531 - IDOR in badges allows disabling of arbitrary badges

Insufficient capability checks made it possible to disable badges a user does not have permission to access.

📅 Published: Feb. 24, 2025, 8:02 p.m. 🔄 Last Modified: Aug. 7, 2025, 12:06 a.m.

8.3

CVSS3.1

CVE-2025-26530 - Reflected XSS via question bank filter

The question bank filter required additional sanitizing to prevent a reflected XSS risk.

📅 Published: Feb. 24, 2025, 7:56 p.m. 🔄 Last Modified: Aug. 11, 2025, 2:55 p.m.

8.3

CVSS3.1

CVE-2025-26529 - Stored XSS risk in admin live log

Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

📅 Published: Feb. 24, 2025, 7:52 p.m. 🔄 Last Modified: Aug. 8, 2025, 7:37 p.m.

3.4

CVSS3.1

CVE-2025-26528 - Stored XSS in ddimageortext question type

The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.

📅 Published: Feb. 24, 2025, 7:50 p.m. 🔄 Last Modified: Aug. 8, 2025, 7:38 p.m.

5.3

CVSS3.1

CVE-2025-26527 - Non-searchable tags can still be discovered on the tag search page and in the tags block

Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.

📅 Published: Feb. 24, 2025, 7:44 p.m. 🔄 Last Modified: Aug. 8, 2025, 7:40 p.m.