Security Vulnerabilities
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is fixed in 0.6.20 and 0.7.2.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-02-09
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access.
CVSS Score
9.1
EPSS Score
0.0
Published
2026-02-09
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-02-09
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-02-09
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
CVSS Score
6.7
EPSS Score
0.0
Published
2026-02-09
Tanium addressed a local privilege escalation vulnerability in Tanium Server.
CVSS Score
6.7
EPSS Score
0.0
Published
2026-02-09
Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-09
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/student.submission.routes.ts verify authentication but fails to enforce object-level authorization (ownership checks).
CVSS Score
9.1
EPSS Score
0.001
Published
2026-02-09
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization (ownership checks). For example, this can be used to return all results for an assessment.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-02-09
FroshAdminer is the Adminer plugin for Shopware Platform. Prior to 2.2.1, the Adminer route (/admin/adminer) was accessible without Shopware admin authentication. The route was configured with auth_required=false and performed no session validation, exposing the Adminer UI to unauthenticated users. This vulnerability is fixed in 2.2.1.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-09