Lucene search
K

336 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/19 4:43 a.m.7 views

CVE-2026-32994

The /api/v1/autotranslate.translateMessage endpoint in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allows any authenticated user to retrieve the full content of any message from any room private groups, direct messages, channels by simply providing the target message ID...

5.3CVSS6.1AI score0.00252EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 4:43 a.m.11 views

EUVD-2026-30835

The /api/v1/autotranslate.translateMessage endpoint in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allows any authenticated user to retrieve the full content of any message from any room private groups, direct messages, channels by simply providing the target message ID...

5.3CVSS6.1AI score0.00252EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 8:2 a.m.6 views

SUSE-SU-2026:1959-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. - CVE-2026-46300: net: skbuff: propagate shared-frag marker...

8.8CVSS6.1AI score0.93235EPSS
Exploits47References11
Cvelist
Cvelist
added 2026/05/15 7:41 p.m.48 views

CVE-2026-44559 Open WebUI: Missing Access Check on Channel Members Endpoint for Standard Channels

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/id/members endpoint only checks membership for group and dm channel types lines 467-469. For standard channels — including private ones — there is no...

4.3CVSS0.00221EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/15 7:41 p.m.13 views

CVE-2026-44559 Open WebUI: Missing Access Check on Channel Members Endpoint for Standard Channels

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/id/members endpoint only checks membership for group and dm channel types lines 467-469. For standard channels — including private ones — there is no...

4.3CVSS5.8AI score0.00221EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 7:41 p.m.28 views

CVE-2026-44559

Summary (CVE-2026-44559) Open WebUI’s channel membership endpoint has an access control flaw on standard channels. Prior to version 0.9.0, GET /api/v1/channels/{id}/members only enforced membership checks for channel types ‘group’ and ‘dm’; standard (including private) channels did not perform ch...

4.3CVSS5.8AI score0.00221EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/15 7:28 p.m.9 views

CVE-2026-44563 Open WebUI: Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the...

5.4CVSS5.8AI score0.00238EPSS
Exploits1References1
NVD
NVD
added 2026/05/11 8:25 p.m.22 views

CVE-2026-42883

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in the URL path, but fetches downloadable items solely by attacker-provided IDs without constraining...

6.5CVSS0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.14 views

EUVD-2026-29087

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/11 2:14 p.m.14 views

SUSE CVE-2026-43333

In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTRTOBUF pointers checkmemaccess matches PTRTOBUF via basetype which strips PTRMAYBENULL, allowing direct dereference without a null check. Map iterator ctx-key and ctx-value are PTRTOBUF |...

5.6CVSS5.8AI score0.00123EPSS
Exploits0References16
OSV
OSV
added 2026/05/08 7:51 p.m.6 views

GHSA-C7WP-3QH5-55PV Open WebUI Missing Access Check on Channel Members Endpoint for Standard Channels

Missing Access Check on Channel Members Endpoint for Standard Channels Affected Component Channel members listing endpoint: - backend/openwebui/routers/channels.py lines 445-507, getchannelmembersbyid Affected Versions Current main branch and likely all versions with the channels feature...

4.3CVSS5.8AI score0.00221EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.14 views

Vaultwarden 安全漏洞

Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden 1.35.4 and earlier contained a security vulnerability. This vulnerability stemmed from the lack of a hasfullaccess authorization check in the getorgcollectionsdetails...

5.3CVSS5.8AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/28 8:11 p.m.12 views

EUVD-2026-26144

Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...

7.7CVSS5.3AI score0.00293EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/16 10:48 p.m.18 views

Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys

Isolated paperclip instance running in authenticated mode default config on a clean Docker image matching commit b649bd4 2026.411.0-canary.8, post the 2026.410.0 patch. This advisory was verified on an unmodified build. Summary POST /api/agents/:id/keys, GET /api/agents/:id/keys, and DELETE...

6AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/15 12:0 a.m.15 views

[20260513] - Core - Privilege escalation through com_users batch task

An improper access check allows privlege escalation through the comusers batch task...

9.8CVSS5.8AI score0.00268EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/10 8:49 a.m.2 views

BIT-JOOMLA-2026-23899 Joomla! Core - [20260306] - Improper access check in webservice endpoints

An improper access check allows unauthorized access to webservice endpoints...

8.8CVSS5.8AI score0.00401EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2026/04/02 12:0 a.m.6 views

Joomla! Multiple Vulnerabilities (20260302, 20260303, 20260304, 20260305, 20260306)

Joomla! is prone to multiple vulnerabilities. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

8.8CVSS5.7AI score0.00454EPSS
Exploits1
EUVD
EUVD
added 2026/04/01 12:31 p.m.4 views

EUVD-2026-17863

An improper access check allows unauthorized access to webservice endpoints...

8.6CVSS5.9AI score0.00401EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/01 9:3 a.m.2 views

CVE-2026-23899

An improper access check allows unauthorized access to webservice endpoints...

8.6CVSS5.9AI score0.00401EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/01 9:3 a.m.1 views

CVE-2026-23899 Joomla! Core - [20260306] - Improper access check in webservice endpoints

An improper access check allows unauthorized access to webservice endpoints...

8.6CVSS5.9AI score0.00401EPSS
Exploits0References1
Rows per page
Query Builder