Lucene search
K

78 matches found

NVD
NVD
added last week6 views

CVE-2026-59704

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generatio...

7.1CVSS0.00216EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 6:0 a.m.17 views

CVE-2026-11880

The CVE-2026-11880 entry concerns Fluent Forms WordPress plugin versions prior to 6.2.1, where ownership is not properly verified before processing a subscription cancellation request. This allows authenticated users with a low-privilege account to cancel subscriptions belonging to other users du...

3.1CVSS5.8AI score0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 5:17 p.m.34 views

CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6CVSS0.0021EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/29 5:17 p.m.7 views

CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6CVSS5.9AI score0.0021EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 11:32 p.m.12 views

EUVD-2026-38062

gonic: Path Traversal in playlist id bypasses ownership check, enabling any user to read/delete other users' playlists...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/26 11:32 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in playlist operations. An attacker can access or delete other users' playlists, and probe for the existence of arbitrary files by supplying a crafted base64-encoded...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 11:32 p.m.5 views

GHSA-2FP4-5V5C-4448 gonic: Path Traversal in playlist `id` bypasses ownership check, enabling any user to read/delete other users' playlists

Summary The maintainer's recent fix in 6dd71e6a3c966867ef8c900d359a7df75789f410 fixsubsonic: enforce playlist ownership on getPlaylist/deletePlaylist added an ownership check based on playlist.UserID. However, playlist.UserID is derived from the first path segment of the attacker-controlled...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/26 6:0 a.m.36 views

CVE-2026-8380 Frontend File Manager Plugin <= 23.6 - Author+ Arbitrary Post Deletion

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugi...

0.00342EPSS
Exploits1References1
NVD
NVD
added 2026/06/26 2:16 a.m.11 views

CVE-2026-50739

A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the tracker-campaigns.php script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privileged user could link their trackers to...

4.3CVSS0.00287EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 1:11 a.m.21 views

CVE-2026-50739

Revive Adserver 6.0.7 and earlier expose a bypass of ownership validation in the reverse operation that links campaigns and trackers via tracker-campaigns.php. A low-privilege user could link their trackers to campaigns owned by other managers on the same instance, causing inconsistent ownership ...

4.3CVSS5.8AI score0.00287EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-56767

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

8.8CVSS0.0033EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 6:3 p.m.12 views

CVE-2026-56767

Maxun before version 0.0.42 is affected by a cross-tenant insecure direct object reference in storage and webhook API handlers. Authenticated users can bypass ownership checks to read other users’ robots and OAuth tokens, including plaintext Google and Airtable tokens, and can modify, delete, or ...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-54022

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the documentid starts with note: colon. However, the YdocManager storage layer normalizes all document IDs b...

5.3CVSS0.00268EPSS
Exploits1References1
OSV
OSV
added 2026/06/23 4:38 p.m.4 views

CVE-2026-54022 Open WebUI: Any authenticated user can read other users' private notes via Socket.IO

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the documentid starts with note: colon. However, the YdocManager storage layer normalizes all document IDs b...

5.3CVSS6AI score0.00268EPSS
Exploits1References3
NVD
NVD
added 2026/06/19 7:16 p.m.17 views

CVE-2026-49339

gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit 6dd71e6a3c966867ef8c900d359a7df75789f410 added an ownership check based on playlist.UserID. However, playlist.UserID is derived from the first path segment of the attacker-controll...

7.1CVSS0.00262EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/19 6:23 p.m.6 views

CVE-2026-49339

gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit 6dd71e6a3c966867ef8c900d359a7df75789f410 added an ownership check based on playlist.UserID. However, playlist.UserID is derived from the first path segment of the attacker-controll...

7.1CVSS6AI score0.00262EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/19 6:23 p.m.29 views

CVE-2026-49339

Summary: CVE-2026-49339 affects gonic’s getPlaylist/deletePlaylist endpoints. A path traversal-like flaw in the ownership check allows any authenticated Subsonic user to read or delete another user’s playlist and probe host paths. The root cause is that playlist.UserID is derived from the first p...

7.1CVSS6AI score0.00262EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 6:5 p.m.2 views

GHSA-8788-J68R-3CGH Open WebUI: Any authenticated user can read other users' private notes via Socket.IO

Summary The ydoc:document:join Socket.IO handler checks note ownership only when the documentid starts with note: colon. However, the YdocManager storage layer normalizes all document IDs by replacing colons with underscores documentid.replace":", "". An attacker can join a document room using no...

5.3CVSS5.8AI score0.00268EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-49069

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description A low-privileged authenticated user with create and delete permissions in their own isolated scope can delete share-link records belonging to any other user, including the administrator. This...

7.2CVSS5.9AI score0.00411EPSS
Exploits0References9
NVD
NVD
added 2026/06/10 3:16 p.m.17 views

CVE-2026-53470

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

9.6CVSS0.0028EPSS
Exploits0References3
Rows per page
Query Builder