Gnu Savane
5 CVEs affecting Gnu Savane. Latest disclosed: 2026-06-20. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-27632 | High | 8.8 | 2024-04-08 | An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function. |
CVE-2024-29399 | High | 7.6 | 2024-04-11 | An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the u… |
CVE-2024-27630 | High | 7.5 | 2024-04-08 | Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_da… |
CVE-2024-27631 | Medium | 6.0 | 2024-04-08 | Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php |
CVE-2026-56355 | Low | 3.7 | 2026-06-20 | GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization. |