32 matches found
CVE-2026-44554 Open WebUI: Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collectionname and an overwrite query parameter default: True. It performs no authorization check on whether t...
PT-2026-37220
Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get org collections details endpoint GET /api/organizations/org id/collections/details is missing the has full access authorization check that exists on the sibling get org collections endpoint. This...
Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers
Summary Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive...
OpenRemote has Improper Access Control via updateUserRealmRoles function
Summary A user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the identity provider but does not check that the caller may administer that realm...
EUVD-2026-24658
The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the...
GHSA-V9W4-GM2X-6RVF File Browser share links remain accessible after Share/Download permissions are revoked
When an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to unauthenticated users. The public share download handler does not re-check the share owner's current permissions. Verified with a running PoC against v2.62.2 commit...
GHSA-M577-W9J8-CH7J AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter
Summary AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and draft workflows. The setStatus method validates the status code again...
Langflow is Missing Ownership Verification in API Key Deletion (IDOR)
Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Location | src/backend/base/langflow/api/v1/apikey.py:44-53 | | Practical Exploitability | High | | Developer Approver | [email protected] | Description The deleteapikeyroute endpoint accepts an apikeyid path parameter a...
EUVD-2026-10462
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...
EUVD-2026-10443
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced...
CVE-2026-27687 Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal
Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...
CVE-2026-1938
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...
PT-2026-7200
Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the...
PT-2026-6241
Name of the Vulnerable Software and Affected Versions WPElemento Importer versions through 0.6.4 Description The WPElemento Importer software contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. The issue is a missing...
OpenCTI 安全漏洞
OpenCTI is an open source cyber threat intelligence platform from OpenCTI Open Source. A security vulnerability exists in OpenCTI versions prior to 6.8.1, which stems from a lack of authorization checking in a GraphQL mutation that could lead to unauthorized resource deletion...
Apache OpenOffice 安全漏洞
Apache OpenOffice is an open source office software suite from the Apache USA Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases and more. A security vulnerability exists in Apache OpenOffice versions 4.1.15 and earlier, which stems from a lack of...
CVE-2025-12134
CVE-2025-12134 affects the ZoloBlocks Gutenberg block plugin for WordPress. All versions up to 2.3.11 lack a capability check in update_popup_status(), enabling unauthenticated users to enable/disable popups (unauthorized data modification). The CVE maps to a Medium severity (CVSS ~5.3). Remediat...
PT-2025-41844
Name of the Vulnerable Software and Affected Versions SAP S/4HANA affected versions not specified Description An authenticated attacker with basic privileges can delete conditions from any shared rule of any user by manipulating the request parameter. This is due to a missing authorization check,...
CVE-2025-42917 Missing Authorization check in SAP HCM (Approve Timesheets Fiori 2.0 application)
SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected...
CVE-2025-44004
Affected: Mattermost Confluence Plugin (