Lucene search
K

1225 matches found

CVE
CVE
added 2026/05/15 7:34 p.m.24 views

CVE-2026-44561

CVE-2026-44561 affects Open WebUI. The vulnerability arises in the is_user_channel_member check: before 0.9.0, the code verifies ChannelMember existence but ignores is_active, so deactivated members (status 'left', is_active=False) retain full read/write access to group/DM channels via direct API...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/14 8:28 p.m.7 views

GHSA-26G9-27VM-X3Q8 Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion

Summary Any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/id when the target file is referenced in any shared chat. The hasaccesstofile authorization gate unconditionally grants access through its shared-chat branch. It checks neither the requesting...

8CVSS5.7AI score0.0027EPSS
Exploits1References5
Patchstack
Patchstack
added 2026/05/14 8:26 p.m.9 views

NPM: Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution

NPM: Open WebUI: Missing workspace.tools Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution vulnerability discovered by ? in WordPress Npm open-webui versions 0.9.5...

7.2CVSS5.8AI score0.00437EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:26 p.m.12 views

Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution

Summary The tool update endpoint POST /api/v1/tools/id/id/update is missing the workspace.tools permission check that is present on the tool create endpoint. This allows a user who has been explicitly denied tool management capabilities and who the administrator considers untrusted for code...

7.2CVSS6.4AI score0.00437EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:21 p.m.13 views

Open WebUI missing authorization check at the model update function - models from other users can be updated

Summary A user can modify another user's model even if its visibility is set to Private. The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here...

6.5CVSS5.8AI score0.00226EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/05/14 1:16 p.m.23 views

CVE-2026-4029

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

7.5CVSS0.0041EPSS
Exploits0References5
CVE
CVE
added 2026/05/14 12:32 p.m.13 views

CVE-2026-4029

The Database Backup for WordPress plugin (WordPress) is affected by unauthorized database export in all versions up to 2.5.2 due to improper enforcement of the authorization check return value. This enables unauthenticated attackers to export database tables, causing Sensitive Information Exposur...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References5
NVD
NVD
added 2026/05/14 6:16 a.m.12 views

CVE-2026-4524

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in public projects without proper authorization due to improper...

6.5CVSS0.00291EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/05/13 2:21 p.m.9 views

CVE-2026-44125

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session...

9.3CVSS5.8AI score0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 1:27 p.m.46 views

CVE-2026-4607 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...

4.3CVSS0.00234EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.20 views

PT-2026-40729

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description SiYuan's publish-mode Reader can modify configuration and SQL index data through eight ungated APIs. These endpoints are registered with model.CheckAuth but lack model.CheckAdminRole and...

7.2CVSS5.8AI score0.00207EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/12 2:21 a.m.44 views

CVE-2026-40134 Missing Authorization Check in SAP Incentive and Commission Management

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

4.3CVSS0.00198EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 2:21 a.m.9 views

CVE-2026-40134 Missing Authorization Check in SAP Incentive and Commission Management

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-39925

Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...

5.4CVSS5.8AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40291

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL CLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the admin users...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References3
OSV
OSV
added 2026/05/11 3:54 p.m.6 views

GHSA-267C-6GRR-H53F Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Impact App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affected configurations, specially crafted .rsc and segment-prefetch URLs can resolve to the same...

7.5CVSS5.8AI score0.01416EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/11 3:54 p.m.32 views

Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Impact App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affected configurations, specially crafted .rsc and segment-prefetch URLs can resolve to the same...

7.5CVSS5.8AI score0.01416EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.24 views

PT-2026-39891

Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description A missing authorization check in the file visibility function allows any authenticated user with REPORTER level access or higher to download attachments from private bugnotes they are not...

7.2CVSS5.8AI score0.0026EPSS
Exploits0References11
Microsoft CVE
Microsoft CVE
added 2026/05/10 8:1 a.m.10 views

PgBouncer missing authorization check in KILL_CLIENT admin command

...

4.3CVSS5.8AI score0.00287EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/05/09 1:16 a.m.10 views

CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References2
Rows per page
Query Builder