Lucene search
K

181 matches found

EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-40416

yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary process instance records by supplying a caller-controlled process-instance identifier to an unprotected endpoint lacking the @PreAuthorize annotation...

7.1CVSS5.9AI score
Exploits0References4
NVD
NVD
added 2 days ago8 views

CVE-2026-57943

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6CVSS0.0021EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-39626

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugi...

6.5CVSS5.9AI score0.00342EPSS
Exploits1References1
NVD
NVD
added last week6 views

CVE-2026-55611

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow...

0.00236EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52036

Name of the Vulnerable Software and Affected Versions AnythingLLM versions 1.11.1 through 1.14.0 Description An issue exists where the application fails to perform ownership checks when deleting parsed files. Specifically, the 'POST /api/workspace/:slug/embed-parsed-file/:fileId' endpoint deletes...

5.8AI score0.00236EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/23 8:9 p.m.27 views

CVE-2026-47388 NocoDB: Missing Ownership Check in MCP Attachment Read

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP readAttachment tool did not...

2.3CVSS0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 4:30 p.m.37 views

CVE-2026-33760 Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without...

8.8CVSS0.00291EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:30 p.m.19 views

CVE-2026-33760

Langflow (pre-1.9.0) exposes an IDOR/BOLA vulnerability in the /api/v1/monitor router. Seven endpoints (including builds, messages, and transactions) allow read, write, and delete actions on user-owned resources without verifying ownership, enabling an attacker to access or modify another user’s ...

8.8CVSS5.9AI score0.00291EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/06/23 3:47 p.m.19 views

CVE-2026-54307

Summary: CVE-2026-54307 affects n8n prior to versions 1.123.55, 2.25.7, and 2.26.2, where a member-level editor of a shared workflow could reference credentials they do not own due to partial credential ownership checks, enabling cross-user credential access via public API endpoints. The issue is...

9.6CVSS5.8AI score0.00315EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.8 views

Concurrent Ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption

Summary Concurrent::ReadWriteLockreleasewritelock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still...

9.8CVSS6AI score0.0016EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/18 8:16 a.m.11 views

CVE-2026-12111

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...

4.3CVSS0.00285EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/06/18 3:41 a.m.7 views

CVE-2026-10023

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the changeorderstatus, addordernote, deleteordernote,...

4.3CVSS5.6AI score0.0025EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2026/06/17 2:11 p.m.13 views

Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field

summary POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the global file table with no ownership check. An authenticated user can therefore set imageurl.url to another...

6.5CVSS5.3AI score0.00366EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-50173

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An open source workflow automation platform contains an issue where a member-level user with editor access to a shared workflow can reference...

9.6CVSS5.9AI score0.00315EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/15 9:55 p.m.7 views

EUVD-2026-37013

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS5.3AI score0.00273EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/15 9:55 p.m.5 views

CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS5.3AI score0.00273EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 11:9 p.m.7 views

GHSA-598G-H2VC-H5VG nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation

The /api/v1/ route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at internal/api/hosts.go:384: "API trusts the bearer token for authorisation; per-CA ownership is enforced only in the Web layer." The Web UI gates state-changing routes...

9.9CVSS5.6AI score0.00024EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/08 11:9 p.m.13 views

nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation

The /api/v1/ route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at internal/api/hosts.go:384: "API trusts the bearer token for authorisation; per-CA ownership is enforced only in the Web layer." The Web UI gates state-changing routes...

5.6AI score0.00024EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/06 3:28 a.m.12 views

EUVD-2026-34957

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via MappressApi::restapiinit, where the GET...

5.3CVSS5.5AI score0.00813EPSS
Exploits0References24
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41704

AgentClienthandlemethod lines 264-303 processes every NATS reply. It calls injectcompilelog line 273 on every response, which reads response'value''result''compilelogid' line 332-338 and passes it to downloadanddeleteblob. Separately, any response containing 'exception' goes through formatexcepti...

6.8CVSS5.5AI score0.00083EPSS
Exploits0References1
Rows per page
Query Builder