本页列出影响 gnu savane 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2026-56355 | GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization. | [email protected] | 3.7 | 0.35% | 2026-06-20 | 2026-06-22 |
| CVE-2024-29399 | An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. | [email protected] | 7.6 | 0.95% | 2024-04-11 | 2026-06-17 |
| CVE-2024-27632 | An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function. | [email protected] | 8.8 | 1.27% | 2024-04-08 | 2026-06-17 |
| CVE-2024-27631 | Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php | [email protected] | 6.0 | 0.45% | 2024-04-08 | 2026-06-17 |
| CVE-2024-27630 | Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function. | [email protected] | 7.5 | 0.82% | 2024-04-08 | 2026-06-17 |