Lucene search
+L

36 matches found

NVD
NVD
added 2026/07/09 5:17 p.m.8 views

CVE-2026-59213

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

5CVSS0.00273EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.8 views

PT-2026-56994

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description The EventSerializer could expose invited group names, sample invitees, and attendan...

5.3CVSS6.1AI score0.00364EPSS
Exploits0References17
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.6 views

CVE-2026-58296

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/20 3:24 p.m.3 views

CVE-2026-56218 Capgo - EXIF Metadata Exposure via Image Upload

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time...

6.9CVSS6AI score0.00205EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/17 11:7 p.m.2 views

CVE-2026-40480

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/personId endpoint loads and returns person records without performing object-level authorization checks. Although the legacy PersonView.php page enforces canEditPerson restrictions, the API layer...

7.1CVSS5.7AI score0.00336EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/17 9:16 a.m.14 views

CVE-2025-15623

Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations...

9.3CVSS0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 5:9 p.m.3 views

CVE-2026-33477 FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users’ file content

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versiosn 2.3.7 through 3.10.0, the file snippet endpoint /api/file/snippet.php allows an authenticated user with only readown access to a folder to retrieve snippet content from files upload...

4.3CVSS5.8AI score0.00225EPSS
Exploits1References2
NVD
NVD
added 2026/03/20 11:16 p.m.4 views

CVE-2026-33180

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

8.2CVSS0.00264EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.16 views

HAPI FHIR 信息泄露漏洞

HAPI FHIR is an open-source Java-based HL7 FHIR API developed by HAPI FHIR. Versions of HAPI FHIR prior to 6.9.0 contained a vulnerability related to information leakage. This vulnerability occurred because the internal HTTP client, when setting HTTP request headers, sent the same set of headers ...

7.5CVSS5.8AI score0.00264EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/18 10:6 p.m.2 views

CVE-2026-32736 Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...

4.3CVSS5.8AI score0.00207EPSS
Exploits1References2
OSV
OSV
added 2026/03/18 8:7 p.m.11 views

GHSA-P7M9-V2CM-2H7M HAPI FHIR HTTP authentication leak in redirects

Impact When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of...

9.8CVSS5.8AI score0.00264EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.8 views

CVE-2026-27835

wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, RepetitionsConfigViewSet and MaxRepetitionsConfigViewSet return all users' repetition config data because their getqueryset calls .all instead of filtering by the authenticated user. Any registered user...

4.3CVSS5.8AI score0.00257EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/02/07 12:24 a.m.4 views

SUSE CVE-2026-24735

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

7.5CVSS5.3AI score0.00619EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 9:29 p.m.5 views

CVE-2026-25758

Spree is an open source e-commerce solution built with Ruby on Rails. A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses to their order by manipulating address ID parameters. This enables unauthorized access to...

8.7CVSS5.7AI score0.00599EPSS
Exploits1References11Affected Software1
CVE
CVE
added 2026/01/27 11:11 p.m.14 views

CVE-2025-54373

OpenEMR (open source EHR/PM) versions prior to 7.0.4 contain a data exposure vulnerability where contents of Clinical Notes and Care Plans with Sensitivity=high could be viewed and changed by users lacking high-sensitivity privileges. The issue is fixed in 7.0.4 (per CVE descriptions and Red Hat/...

7.1CVSS5.9AI score0.00372EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/01/08 3:27 p.m.17 views

CVE-2026-22246

Mastodon vulnerability (CVE-2026-22246): In 4.3, the severed-relationships notification feature allowed inspecting lost relationships, but the code that downloads lists of severed relationships did not verify the list owner. As a result, any registered local user could enumerate and access the se...

6.5CVSS6.3AI score0.00228EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/11/17 11:47 p.m.4 views

BIT-MOODLE-2025-62400 Moodle: hidden group names visible to event creators

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

6.5CVSS6.6AI score0.00246EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/23 11:28 a.m.2 views

CVE-2025-62400 Moodle: hidden group names visible to event creators

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

4.3CVSS6.3AI score0.00246EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/16 3:19 p.m.5 views

CVE-2025-62400

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

4.3CVSS6.7AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/16 2:0 p.m.9 views

CVE-2025-53950

An Exposure of Private Personal Information 'Privacy Violation' vulnerability CWE-359 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and...

5.5CVSS0.00168EPSS
Exploits0References1
Rows per page
Query Builder