115 matches found
CVE-2026-53729
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download /exportCenter/download/id, delete /exportCenter/delete, retry /exportCenter/retry/id, or generate download links /exportCenter/generateDownloadUri/id for export tasks belonging t...
CVE-2026-53729 DataEase ExportCenter IDOR allows cross-user export task access
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download /exportCenter/download/id, delete /exportCenter/delete, retry /exportCenter/retry/id, or generate download links /exportCenter/generateDownloadUri/id for export tasks belonging t...
CVE-2026-53729
DataEase (open source data visualization/analysis tool) contains an IDOR in the ExportCenter area. Before version 2.10.24, an authenticated user could manipulate the task ID to download, delete, retry, or generate download links for export tasks belonging to other users; additionally, the /export...
PYSEC-2026-1803 pretix has Broken Access Control Allowing Cross-User File Access via UUID
Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...
EUVD-2026-41539
Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...
CVE-2026-7663
Langflow OSS 1.0.0–1.9.6 is affected by an improper authorization vulnerability in the Streamable MCP transport endpoint (/api/v1/mcp/project/{project_id}/streamable) that allows unauthenticated attackers to access protected MCP resources and perform MCP operations. IBM bulletin cites cross‑user ...
CVE-2026-7663 Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass
IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...
EUVD-2026-38067
Subsonic API: any authenticated user can delete or read any other user's playlist IDOR...
Security Bulletin: Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass
Summary An improper authorization vulnerability in Streamable MCP transport endpoint /api/v1/mcp/project/projectid/streamable allows unauthenticated attackers to bypass project ownership controls and execute Model Context Protocol MCP operations against OAuth-authenticated projects owned by other...
CVE-2026-54010
CVE-2026-54010 affects Open WebUI prior to version 0.9.6. An authenticated user could attach arbitrary file_id values to their own chat messages without ownership/read checks, and then leverage a forged chat-file link to access or delete the victim’s file via shared-chat authorization. The root c...
CVE-2026-33760
Langflow (pre-1.9.0) exposes an IDOR/BOLA vulnerability in the /api/v1/monitor router. Seven endpoints (including builds, messages, and transactions) allow read, write, and delete actions on user-owned resources without verifying ownership, enabling an attacker to access or modify another user’s ...
CVE-2026-45732 n8n: Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate ...
CVE-2026-54307 n8n: Credential Exfiltration via Permission Bypass
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to...
PT-2026-51009
Name of the Vulnerable Software and Affected Versions gonic versions prior to 0.21.0 Description An authenticated Subsonic user can bypass ownership checks to read or delete playlists belonging to other users and probe arbitrary file paths on the host for existence or readability. This occurs...
Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion
Summary Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the referenced files. Open WebUI then treats meta.knowledge entries of type file as an authorization source in two...
Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field
summary POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the global file table with no ownership check. An authenticated user can therefore set imageurl.url to another...
PT-2026-50481
Name of the Vulnerable Software and Affected Versions Open-webui affected versions not specified Description An authenticated user can access files belonging to other users by exploiting a lack of ownership verification in the image processing path. When the POST endpoint "/api/chat/completions"...
CVE-2026-53470
CVE-2026-53470 affects migration-planner. An authenticated attacker can exploit an improper access control on /api/v1/sources/{id}/image-url to bypass ownership checks and obtain presigned S3 URLs for other users’ Open Virtual Appliance (OVA) images, potentially downloading images containing long...
CVE-2025-66171
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the...
CVE-2026-45267
Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6...