Open WebUI Security Vulnerability
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI based on the open-source Open WebUI framework. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the ydoc:document:update Socket.IO event handler, which checke...
CVE-2022-23143
ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files...
CVE-2025-64144
Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...
Jenkins plugins Multiple Vulnerabilities (2025-10-29)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with...
EUVD-2020-29928
Malware in sbrugna...
EUVD-2021-14889
Malware in sbrugna...
CVE-2025-54831
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...
Moodle 4.5.x < 4.5.5 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.19, or 4.4.x prior to 4.4.9, or 4.5.x prior to 4.5.5, or 5.x prior to 5.0.1. It is, therefore, affected by multiple vulnerabilities : - A stricter capability check was required to restrict...
CVE-2025-26693
in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission...
CVE-2025-26691
in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission...
CVE-2019-5259
There is an information leakage vulnerability on some Huawei products: AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200; AR2200-S; AR3200; AR3600. An attacker with low permissions can view some high-privilege information by running specific commands. Successful exploit could cause an...
PT-2024-31664 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow version 2.10.0 Description: The issue allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. This is related to the example DAG example inlet event extra.py shipped with Apache Airflow...
Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034
This module enables you to configure a wiki-like input filter that allows users to create links to site and external content. The module doesn't sufficiently check if a user has access to some URLs before rendering them as links. This vulnerability is mitigated by the fact that an attacker must...
CVE-2024-38273 moodle: BigBlueButton web service leaks meeting joining information to users who should not have access
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access...
CVE-2024-38273
CVE-2024-38273 involves Moodle integration with BigBlueButton. Insufficient capability checks can let users access join URLs they should not see, causing information disclosure of meeting access tokens. Evidence: OSV entry BIT-MOODLE-2024-38273 and Nessus notes of unpatched status; Fedora updates...
CVE-2023-4065 Operator: plaintext password in operator log
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions...
Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022 Audit Logging Failure Vulnerability
Microsoft SQL Server 2014, 2016, 2017, 2019, and 2022 appears to ignore audit rules for sys.sysxlgns allowing an attacker with administrative permissions to extract password hashes under the radar. Microsoft told the researcher they are not willing to fix it but acknowledge it as a security...
CVE-2022-36831
Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows an attacker to access some files with Samsung Notes' permissions...
Delicious Brains Advanced Custom Fields Information Disclosure Vulnerability
Delicious Brains Advanced Custom Fields is an advanced custom fields plugin from Delicious Brains Canada. An information disclosure vulnerability exists in Delicious Brains Advanced Custom Fields, which stems from a lack of authorization related to obtaining user lists. The vulnerability stems fro...
Microsoft Windows SSDP Service Permission and Access Control Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation: Windows is an operating system for personal devices, and Windows Server is a server operating system. An elevation-of-privilege vulnerability exists in the "SSDP service" of Microsoft Windows/Windows Server. N...