EUVD-2026-31063

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

CVE-2026-44562

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.modelsimport permission to overwrite any existing model in the database, regardless of ownership. When an...

PT-2026-41197

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description Multiple endpoints accept a user-supplied file id and attach the referenced file to a resource controlled by the caller, such as folder knowledge or knowledge-base contents, without verifying if t...

CVE-2026-29204

CVE-2026-29204 concerns insufficient ownership checks in the PHP script clientarea.php, enabling an authenticated client to submit requests using another user’s addonId and access the victim’s resources and their cPanel account. The connected documents confirm this is a high-severity issue with e...

CVE-2026-33030 Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

PT-2026-29091

Nginx-UI and Affected Versions Nginx-UI versions 2.3.3 and prior Description Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a us...

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained a security vulnerability. This vulnerability stemmed from the lack of ownership checks for the/api/v1/retrieval/process/files/batch endpoint, which cou...

CVE-2026-28788

Open WebUI vulnerability CVE-2026-28788 affects the self-hosted Open WebUI AI platform. Before version 0.8.6, an authenticated user can overwrite any file’s content by ID via POST /api/v1/retrieval/process/files/batch. The endpoint performs no ownership check, enabling a user with read access to ...

CVE-2026-31867 Craft Commerce has a Potential IDOR in Commerce carts

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.11.0 and 5.6.0, An Insecure Direct Object Reference IDOR vulnerability exists in Craft Commerce’s cart functionality that allows users to hijack any shopping cart by knowing or guessing its 32-character number. The CartController...

EUVD-2026-8913

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. user-environments.resolver.ts:82-109, updateUserEnvironment mutation uses @UseGuardsGqlAuthGuard but is missing the @GqlUser...

CVE-2026-25810

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/student.submission.routes.ts verify authentication but fails to enforce object-level authorization ownership checks...

PT-2026-7162

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization ownership checks. For example, this can be used to return all results for an assessment...

EUVD-2025-206242

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mutation...

CVE-2025-34436

AVideo versions prior to 20.1 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks...

CVE-2025-34436

AVideo versions prior to 20.1 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks...

EUVD-2025-203955

AVideo versions prior to 20.0 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video objects...

CVE-2025-34437

Summary: AVideo versions prior to 20.1 allow any authenticated user to upload comment images to videos owned by other users due to missing ownership checks in the /comment_images endpoint. What’s affected: AVideo before 20.1 (video comment image upload path). Root cause: Authentication is validat...

AVideo 安全漏洞

AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. A security vulnerability exists in AVideo versions prior to 20.0, which stems from a lack of ownership checking in the upload function that could cause an authenticated user to upload files to another user...

CVE-2025-65097

RomM (ROM Manager) prior to versions 4.4.1 and 4.4.1-beta.2 is affected by an IDOR-like issue where an authenticated user can delete other users’ collections by sending a DELETE request to the /collections endpoint without ownership verification. Exploitation details or in-the-wild status are not...

CVE-2025-12847

The CVE-2025-12847 entry applies to the WordPress plugin All in One SEO (