
Positive Technologies
added 2026/05/15 12:00 a.m., 10 views

PT-2026-41282

Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 5.9, AI score 5.8, EPSS 0.00078
Exploits 0, References 2
Positive Technologies
added 2026/05/15 12:00 a.m., 11 views

PT-2026-41267

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: In the ksmbd module, the smb_inherit_dacl function fails to verify that the variable-length Security Identifier (SID) described by sid.num_subauth is fully contained within the Access...

CVSS 8.8, AI score 6, EPSS 0.00549
Exploits 0, References 56
Positive Technologies
added 2026/05/15 12:00 a.m., 13 views

PT-2026-41290

Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 6.2, AI score 5.8, EPSS 0.00096
Exploits 0, References 2
Positive Technologies
added 2026/05/15 12:00 a.m., 12 views

PT-2026-41309

Name of the Vulnerable Software and Affected Versions: Google Cloud Application Integration, versions prior to 2026-01-23. Description: Improper Access Control in several internal API endpoints allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary...

CVSS 10, AI score 6.1, EPSS 0.00514
Exploits 0, References 9
Redos
added 2026/05/15 12:00 a.m., 12 views

ROS-20260515-73-0028

A vulnerability in the JavaScript script handler V8 of the Google Chrome and Microsoft Edge browsers is related to access control flaws. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

CVSS 8.8, AI score 5.8, EPSS 0.00289
Exploits 0
Redos
added 2026/05/15 12:00 a.m., 11 views

ROS-20260515-73-0055

A vulnerability in the DevTools component of the Google Chrome browser is related to access control flaws. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions using a specially crafted HTML page...

CVSS 5.3, AI score 5.8, EPSS 0.00163
Exploits 0
Positive Technologies
added 2026/05/15 12:00 a.m., 12 views

PT-2026-41285

Name of the Vulnerable Software and Affected Versions: Huawei HarmonyOS, affected versions not specified. Description: A permission control issue exists in the web component. Successful exploitation of this flaw may affect the availability of the system. Recommendations: At the moment, there is no...

CVSS 8.4, AI score 5.8, EPSS 0.00075
Exploits 0, References 4
Positive Technologies
added 2026/05/15 12:00 a.m., 10 views

PT-2026-41292

Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 5.5, AI score 5.8, EPSS 0.00082
Exploits 0, References 3
CNNVD
added 2026/05/15 12:00 a.m., 16 views

Traefik access control error vulnerability

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.46, 3.6.17, and 3.7.1 contained an access control vulnerability. This vulnerability stemmed from the Kubernetes Gateway API provider, which allowed tenants with permission to create...

CVSS 9.9, AI score 5.8, EPSS 0.00442
Exploits 1, References 1
Debian CVE
added 2026/05/15 12:00 a.m., 10 views

CVE-2026-34253

A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow that can cause...

CVSS 8.2, AI score 6, EPSS 0.00488
Exploits 0
NVD
added 2026/05/14 9:16 p.m., 12 views

CVE-2026-44678

Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/accounthandle/projecthandle/previews/previewid endpoint loads the preview by its UUID without verifying that the preview belongs to the project resolved from the URL path. The route's project-lev...

CVSS 7.1, EPSS 0.00226
Exploits 0, References 1
OSV
added 2026/05/14 8:56 p.m., 5 views

GHSA-5V57-8RXJ-3P2R python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection

Summary: prepare_environment in cli_communication_protocol.py passes a full copy of os.environ to every CLI subprocess. When combined with the Command Injection vulnerability (CWE-78) in substitute_utcp_args, tracked as GHSA-33p6-5jxp-p3x4, an attacker can exfiltrate all process-level secrets in a single...

CVSS 7.7, AI score 5.8, EPSS 0.00223
Exploits 0, References 3
GithubExploit
added 2026/05/14 8:47 p.m., 77 views

Exploit for Improper Access Control in Joomla Joomla!

Full-Lifecycle CMS Penetration Testing Joomla 4.2.5 📌 Pr...

CVSS 5.3, AI score 6.6, EPSS 0.99827
Exploits 43
Snyk
added 2026/05/14 8:26 p.m., 11 views

Authorization Bypass Through User-Controlled Key

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the retrieval process, specifically when validating access to knowledge base collections by UUID. An attacker can access, modify, or delete another user's...

CVSS 7.7, AI score 5.8, EPSS 0.00331
Exploits 1, References 2
Github Security Blog
added 2026/05/14 8:25 p.m., 10 views

Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint

Summary: Pin/Unpin is a write operation that modifies the message's is_pinned, pinned_by and pinned_at fields, but in standard channels it only checks read permission, allowing users with read-only access to pin/unpin any message. Details...

CVSS 4.3, AI score 5.8, EPSS 0.00204
Exploits 1, References 4, Affected Software 1
OSV
added 2026/05/14 8:25 p.m., 8 views

GHSA-5GC6-XHV4-2WG6 Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint

Summary: Pin/Unpin is a write operation that modifies the message's is_pinned, pinned_by and pinned_at fields, but in standard channels it only checks read permission, allowing users with read-only access to pin/unpin any message. Details...

CVSS 4.3, AI score 5.8, EPSS 0.00204
Exploits 1, References 4
Github Security Blog
added 2026/05/14 8:25 p.m., 17 views

Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED]

Summary: An internal-only bypass_filter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated user to append ?bypass_filter=true and bypass model access control checks to invoke admin-restricted models...

CVSS 5.4, AI score 5.9, EPSS 0.00193
Exploits 1, References 5, Affected Software 1
OSV
added 2026/05/14 8:25 p.m., 5 views

GHSA-V6QF-75PR-P96M Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED]

Summary: An internal-only bypass_filter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated user to append ?bypass_filter=true and bypass model access control checks to invoke admin-restricted models...

CVSS 5.4, AI score 5.9, EPSS 0.00193
Exploits 1, References 5
Github Security Blog
added 2026/05/14 8:24 p.m., 9 views

Open WebUI's chat completion API allows tool restrictions to be bypassed

Summary: Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. Details: In the chat completion API, the parameters tool_ids and tool_servers are supplied by the user. These...

CVSS 7.1, AI score 5.7, EPSS 0.0026
Exploits 1, References 5, Affected Software 1
Github Security Blog
added 2026/05/14 8:24 p.m., 12 views

Open WebUI has Broken Access Control for Completions API

Summary: Any user X can continue the conversation of any other user Y, as long as the Chat ID of Y is known. User X does not even need to be an admin to do so. Details: A user just needs to use the API endpoint /api/chat/completions with their own API key generated in OWUI and the Chat ID of anoth...

CVSS 7.1, AI score 5.8, EPSS 0.00231
Exploits 1, References 5, Affected Software 1