9 matches found
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the “fix” or “unfix” operations were write operations, but only read...
GHSA-WWHQ-CX22-F7VV Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint
Summary An IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same channel. This vulnerability affects the latest version v0.8.12 of Open WebUI. Details In the updatemessagebyid...
CVE-2026-32752
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit method contains a broken access control vulnerability that allows any authenticated user regardless of role or mailbox access to read and modify all...
CVE-2026-32752
FreeScout (PHP Laravel) prior to 1.8.209 is affected by a broken access control in ThreadPolicy::edit() that lets any authenticated user read and modify all customer messages across all mailboxes. The underlying issue enables silent modification of customer messages and bypasses mailbox-permissio...
EUVD-2026-13219
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit method contains a broken access control vulnerability that allows any authenticated user regardless of role or mailbox access to read and modify all...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in the Mattermost Apps Framework, which can be exploited by an attacker to send a POST request to the application's Webhook path and modify the content of messages...
Cross-site Scripting (XSS)
MediaWiki is vulnerable to cross-site scripting XSS. Allowing an attacker to modify messages is include raw HTML which NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier...
cyrus-imapd: buffer overflow in cyrus sieve
Buffer overflow in the SIEVE script component sieve/script.c, as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to...
Newsscript - Access Validation
Newsscript - Access Validation source: https://www.securityfocus.com/bid/12761/info NewsScript is reported prone to an access validation vulnerability. This issue may allow an unauthorized attacker to add, modify and delete messages. It is reported that an attacker can exploit this issue by issui...