Mcgill

Loris

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2026-39985

  • EPSS 0.03%
  • Veröffentlicht 09.04.2026 18:17:02
  • Zuletzt bearbeitet 22.04.2026 00:24:34

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, the redirect parameter upon login to LORIS was not validating t...

8.6

CVE-2026-35446

  • EPSS 0.03%
  • Veröffentlicht 08.04.2026 18:28:30
  • Zuletzt bearbeitet 21.04.2026 20:04:43

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownl...

5.4

CVE-2026-35403

  • EPSS 0.03%
  • Veröffentlicht 08.04.2026 18:27:17
  • Zuletzt bearbeitet 21.04.2026 20:06:28

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting att...

4.3

CVE-2026-35400

  • EPSS 0.03%
  • Veröffentlicht 08.04.2026 18:26:09
  • Zuletzt bearbeitet 21.04.2026 20:13:38

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrec...

5.4

CVE-2026-35169

  • EPSS 0.03%
  • Veröffentlicht 08.04.2026 18:24:27
  • Zuletzt bearbeitet 21.04.2026 20:16:53

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From to before 27.0.3 and 28.0.1, the help_editor module of LORIS did not properly sanitiz...

6.5

CVE-2026-35165

  • EPSS 0.03%
  • Veröffentlicht 08.04.2026 18:23:34
  • Zuletzt bearbeitet 21.04.2026 20:18:26

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the document_repository frontend was restric...

6.5

CVE-2026-34985

  • EPSS 0.03%
  • Veröffentlicht 08.04.2026 18:22:09
  • Zuletzt bearbeitet 21.04.2026 20:20:00

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, While the frontend of the media module filters fil...

7.5

CVE-2026-34392

  • EPSS 0.03%
  • Veröffentlicht 08.04.2026 17:57:35
  • Zuletzt bearbeitet 17.04.2026 15:42:49

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attac...

7.5

CVE-2026-33350

  • EPSS 0.04%
  • Veröffentlicht 08.04.2026 17:47:32
  • Zuletzt bearbeitet 17.04.2026 15:50:43

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for t...

6.5

CVE-2026-26985

  • EPSS 0.04%
  • Veröffentlicht 25.02.2026 21:26:00
  • Zuletzt bearbeitet 05.03.2026 17:40:35

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticat...