Lucene search
K

287 matches found

CVE
CVE
added 2026/06/25 4:5 p.m.12 views

CVE-2026-13350

CVE-2026-13350 involves incorrect permission checks during room creation, enabling an attacker to create room types they should not be allowed to create. Documented impact is limited to creation of restricted room types; CVSS v4.0 base score is 2.3 (LOW) with network attack vector and high comple...

2.3CVSS5.8AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:30 a.m.35 views

CVE-2026-12201 IObit Malware Fighter DLL permission

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was...

5.3CVSS0.00103EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/09 12:0 a.m.11 views

CVE-2026-36720

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

5.5AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

WordPress plugin Helpfulcrowd Product Reviews 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.6AI score0.00273EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.8 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Apache HTTP Server versions 2.4.67 and earlier have security vulnerabilities, which stem from...

5.5CVSS5.3AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 12:17 a.m.10 views

CVE-2026-11253

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00149EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

LibreChat 安全漏洞

LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within one interface. LibreChat versions 0.8.3 and earlier have a security vulnerability caused by a file deletion permission issue...

8.1CVSS5.4AI score0.00265EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/01 3:32 a.m.12 views

CVE-2026-48190 Incorrect handling of permissions in External Interface Config Item List module

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:32 a.m.9 views

CVE-2026-48191

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

Nextcloud Forms 安全漏洞

NextCloud Forms is an open-source, hosted questionnaire and form creation tool developed by NextCloud. Versions of NextCloud Forms prior to 5.2.6 contained a security vulnerability due to a lack of permission checks. This vulnerability could allow users to request access to other users’ form...

6.5CVSS5.3AI score0.00291EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:48 p.m.8 views

CVE-2026-48810

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

WordPress plugin Visualizer: Tables and Charts Manager for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.9AI score0.00242EPSS
Exploits0References8
CVE
CVE
added 2026/05/27 4:56 p.m.20 views

CVE-2026-48152

Budibase (open-source low-code) prior to 3.39.0 exposes a vulnerability where a Basic app user (mapped to WRITE permissions) can read an existing REST datasource, obtain redacted authConfigs, and update only the config.url. During update, mergeConfigs() restores the original secret when it detect...

8.1CVSS5.8AI score0.00257EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/20 5:7 p.m.10 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7.2AI score0.00292EPSS
Exploits0References8
CVE
CVE
added 2026/05/18 8:9 a.m.21 views

CVE-2026-3117

Mattermost plugins contain a permission-check flaw in the GitLab plugin command processing. Versions affected: Mattermost Plugins

6.5CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/15 9:30 p.m.7 views

CVE-2026-45316

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can...

3.5CVSS5.8AI score0.00218EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/15 9:24 p.m.15 views

EUVD-2026-30655

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels i.e., channels whose channel.type is neither group nor dm, the endpoint POST /api/v1/channels/channelid/messages/messageid/update can be accessed with read...

6.5CVSS5.8AI score0.00277EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 9:19 p.m.9 views

CVE-2026-45301

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. This...

8.1CVSS5.8AI score0.00273EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/15 9:19 p.m.14 views

EUVD-2026-30653

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. This...

8.1CVSS5.8AI score0.00273EPSS
Exploits1References1
NVD
NVD
added 2026/05/15 9:16 p.m.23 views

CVE-2026-45386

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, Pin/Unpin is a write operation modifies the message's ispinned , pinnedby, pinnedat fields, but in standard channels it only checks read permission, allowing users with read-only...

4.3CVSS0.00204EPSS
Exploits1References1
Rows per page
Query Builder