VYPR

Vendor: Mcgill

Products: 1
CVEs: 11
Across products: 11
Status: Private

Recent CVEs (11)

  • CVE-2026-35169 | High | Apr 8, 2026
    risk 0.50 | cvss 8.7 | epss 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From to before 27.0.3 and 28.0.1, the help_editor module of LORIS did not properly sanitize some user supplied…

  • CVE-2026-35446 | High | Apr 8, 2026
    risk 0.43 | cvss 7.7 | epss 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an…

  • CVE-2026-34392 | High | Apr 8, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of…

  • CVE-2026-33350 | High | Apr 8, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window…

  • CVE-2026-35403 | Med | Apr 8, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting attack in the survey_accounts…

  • CVE-2026-35165 | Med | Apr 8, 2026
    risk 0.34 | cvss 6.3 | epss 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the document_repository frontend was restricting file access, the backend…

  • CVE-2026-34985 | Med | Apr 8, 2026
    risk 0.34 | cvss 6.3 | epss 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, while the frontend of the media module filters files that the user should not…

  • CVE-2026-39985 | Med | Apr 9, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, the redirect parameter upon login to LORIS was not validating the value of the redirect as…

  • CVE-2026-35400 | Low | Apr 8, 2026
    risk 0.16 | cvss 3.5 | epss 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL…

  • CVE-2026-26985 | Feb 25, 2026
    risk 0.00 | cvss | epss 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate…

  • CVE-2026-26984 | Feb 25, 2026
    risk 0.00 | cvss | epss 0.01

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with sufficient privileges can exploit a path…