305 matches found
CVE-2026-3117
Mattermost plugins contain a permission-check flaw in the GitLab plugin command processing. Versions affected: Mattermost Plugins
CVE-2026-45351 Open WebUI: Exposure of System Prompt to Regular User [Non-Admin]
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of...
CVE-2026-44558
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filterallowedaccessgrants on either create or update paths. A non-admin user who can create group channels or who owns a channel can submit arbitrary...
CVE-2026-44558 Open WebUI: Channel Access Grants Bypass filter_allowed_access_grants
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filterallowedaccessgrants on either create or update paths. A non-admin user who can create group channels or who owns a channel can submit arbitrary...
CVE-2026-8621 Crabbox < v0.12.0 Authentication Bypass via Header Spoofing
Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a...
Missing Authorization
Overview github.com/portainer/portainer/api/http/proxy/factory/docker is a management UI which allows to manage different Docker environments. Affected versions of this package are vulnerable to Missing Authorization in the enforcement of endpoint security restrictions for non-admin users on Dock...
GHSA-5FXQ-QCF3-244W Portainer has an endpoint security bypass via Swarm service create/update
Summary Portainer enforces seven EndpointSecuritySettings restrictions that administrators configure to restrict the container configurations non-admin users can launch: privileged mode, host PID namespace, device mapping, capabilities, sysctls, security-opt Seccomp / AppArmor, and bind mounts. T...
Portainer has an endpoint security bypass via Swarm service create/update
Summary Portainer enforces seven EndpointSecuritySettings restrictions that administrators configure to restrict the container configurations non-admin users can launch: privileged mode, host PID namespace, device mapping, capabilities, sysctls, security-opt Seccomp / AppArmor, and bind mounts. T...
SUSE-SU-2026:1821-1 Security update for NetworkManager
This update for NetworkManager fixes the following issue: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359...
PYSEC-2026-126
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...
CVE-2026-42312 pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...
PT-2026-39672
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.19 Description Inconsistent authorization controls in the memories API allow a standard non-admin user to view, delete, and restore memories belonging to other users. A user can view existing memories using the...
CVE-2026-41660
Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A...
EUVD-2026-28272
Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A...
pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy via unrestricted `proxy.*` config (incomplete fix for CVE-2026-33509 / -35463 / -35464 / -35586)
Summary The setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The allowlist contains "proxy", "username" and "proxy", "password" — which protect the proxy credentials — but i...
GHSA-PG67-9WJV-MR85 pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy via unrestricted `proxy.*` config (incomplete fix for CVE-2026-33509 / -35463 / -35464 / -35586)
Summary The setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The allowlist contains "proxy", "username" and "proxy", "password" — which protect the proxy credentials — but i...
PT-2026-37051
CVE-2026-42313 pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set config value API method @permissionPerms.SETTINGS in src/p… https://t.co/8rZNAbQm5s...
CVE-2026-41339
OpenClaw vulnerability CVE-2026-41339 affects OpenClaw prior to 2026.4.2. The issue is an information disclosure via Gateway connect snapshots, where configPath and stateDir metadata are exposed to non-admin authenticated clients. This allows recovery of host-specific filesystem paths and deploym...
PT-2026-34559
Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-alpha.94 Description Four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a check permissions helper that validates authentication but fails to perform admin-action authorization...
zrok 安全漏洞
Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.1 contained security vulnerabilities. These vulnerabilities stemmed from logical errors in the unaccess processor, which could allow non-administrator users to delete the global frontend...