Savane
by GNU
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-56355 | 0.00 | — | — | Jun 20, 2026 | GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization. | |||
| CVE-2024-29399 | 0.00 | — | 0.01 | Apr 11, 2024 | An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. | |||
| CVE-2024-27630 | 0.00 | — | 0.01 | Apr 8, 2024 | Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function. | |||
| CVE-2024-27632 | 0.00 | — | 0.01 | Apr 8, 2024 | An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function. | |||
| CVE-2024-27631 | 0.00 | — | 0.00 | Apr 8, 2024 | Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php |
- CVE-2026-56355Jun 20, 2026risk 0.00cvss —epss —
GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.
- CVE-2024-29399Apr 11, 2024risk 0.00cvss —epss 0.01
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.
- CVE-2024-27630Apr 8, 2024risk 0.00cvss —epss 0.01
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.
- CVE-2024-27632Apr 8, 2024risk 0.00cvss —epss 0.01
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
- CVE-2024-27631Apr 8, 2024risk 0.00cvss —epss 0.00
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php