24 matches found
PT-2026-41193
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.8.12. Description: An Insecure Direct Object Reference (IDOR) exists in the retrieval API due to insufficient validation in the validate_collection_access function. While the function checks specific prefixes for use...
Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection
Global Knowledge Base Enumeration via knowledge-bases Meta-Collection. Affected Component: retrieval collection access validation: backend/openwebui/routers/retrieval.py lines 2330-2355, validate_collection_access; backend/openwebui/routers/retrieval.py query endpoints, e.g. POST /query/doc. Affect...
CVE-2026-41243
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...
CVE-2026-32818 Admidio is Missing Authorization on Forum Topic and Post Deletion
Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the forum module in Admidio does not verify whether the current user has permission to delete forum topics or posts. Both the topic_delete and post_delete actions in forum.php only validate the CSRF token but perfo...
CVE-2025-14881 Insecure direct object reference
Multiple API endpoints allowed access to sensitive files belonging to other users to anyone who knew the file's UUID, although those files were not intended to be accessible by UUID alone...
EUVD-2023-35294
Malicious code in bioql PyPI...
RLSA-2025:10074 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Content-Disposition header ignored when a file is included in an embed or object tag CVE-2025-6430 firefox: Use-after-free in FontFaceSet CVE-2025-6424 firefox:...
PYSEC-2025-181
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...
CVE-2025-46732 OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...
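The OpenLearn, Admidio and OpenCTI entries above share one defect: the handler resolves an object by its identifier and checks authentication or a CSRF token, but never asks whether this caller may see or modify that particular object. The following is an added example, not code from any of the projects listed, built on a constructed in-memory forum (the users, posts, token values and the `Forum`/`User`/`Post` names are all assumptions). It shows a direct read that bypasses a safe-mode listing filter and a delete that checks only the CSRF token, each beside a hardened version that performs the per-object authorization check.

```python
"""Added example: IDOR / missing per-object authorization, vulnerable vs hardened.
Constructed data and names; not code from OpenLearn, Admidio, OpenCTI or Open WebUI."""
import hmac
import uuid
from dataclasses import dataclass


@dataclass
class User:
    name: str
    is_moderator: bool = False


@dataclass
class Post:
    id: str
    author: str
    body: str
    approved: bool


class Forbidden(Exception):
    """Caller is authenticated but not allowed to perform this action."""


class NotFound(Exception):
    """Object does not exist, or must not be revealed to this caller."""


class Forum:
    def __init__(self, safe_mode=True):
        # Constructed sample store: one approved post and one awaiting approval.
        self.safe_mode = safe_mode
        self.posts = {}
        for author, body, approved in [("alice", "hello", True), ("bob", "pending", False)]:
            pid = str(uuid.uuid4())
            self.posts[pid] = Post(pid, author, body, approved)

    def find_id(self, author):
        return next(p.id for p in self.posts.values() if p.author == author)

    def list_public(self):
        # Public listing applies the safe-mode filter: unapproved posts are hidden.
        return [p for p in self.posts.values() if p.approved or not self.safe_mode]

    def read_vulnerable(self, post_id):
        # Direct read by id never applies the filter that list_public applies.
        return self.posts[post_id]

    def read_hardened(self, post_id, user=None):
        post = self.posts.get(post_id)
        if post is None:
            raise NotFound
        hidden = self.safe_mode and not post.approved
        if hidden and (user is None or (user.name != post.author and not user.is_moderator)):
            # Same error as an unknown id, so hidden UUIDs cannot be enumerated.
            raise NotFound
        return post

    @staticmethod
    def _check_csrf(submitted, session_token):
        if not hmac.compare_digest(submitted, session_token):
            raise Forbidden("bad CSRF token")

    def delete_vulnerable(self, post_id, user, csrf_token, session_token):
        # Valid session and CSRF token, but no ownership or role check on the object.
        self._check_csrf(csrf_token, session_token)
        del self.posts[post_id]

    def delete_hardened(self, post_id, user, csrf_token, session_token):
        self._check_csrf(csrf_token, session_token)
        post = self.posts.get(post_id)
        if post is None:
            raise NotFound
        if user.name != post.author and not user.is_moderator:
            raise Forbidden("not owner or moderator")
        del self.posts[post_id]


def demo():
    """Runs both handler variants against the sample store and reports what each allowed."""
    out = {}
    f = Forum()
    hidden = f.find_id("bob")
    out["listed_authors"] = [p.author for p in f.list_public()]
    out["vulnerable_read_leaks"] = f.read_vulnerable(hidden).body == "pending"
    try:
        f.read_hardened(hidden)  # anonymous caller with a guessed/leaked UUID
        out["hardened_read_anonymous"] = "leaked"
    except NotFound:
        out["hardened_read_anonymous"] = "not_found"
    out["hardened_read_author"] = f.read_hardened(hidden, User("bob")).body
    mallory, tok = User("mallory"), "t0k3n"
    f.delete_vulnerable(hidden, mallory, tok, tok)
    out["vulnerable_delete_by_stranger"] = hidden not in f.posts
    g = Forum()
    target = g.find_id("alice")
    try:
        g.delete_hardened(target, mallory, tok, tok)
        out["hardened_delete_by_stranger"] = "deleted"
    except Forbidden:
        out["hardened_delete_by_stranger"] = "forbidden"
    g.delete_hardened(target, User("alice"), tok, tok)
    out["hardened_delete_by_owner"] = target not in g.posts
    return out


if __name__ == "__main__":
    print(demo())
```

The hardened read returns the same NotFound for a hidden post as for an unknown id, so a caller cannot use the error difference to confirm which UUIDs exist; the hardened delete keeps the CSRF check and adds the owner-or-moderator test, which is the check the Admidio description says is missing.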
RHEL 8 : firefox (RHSA-2025:10184)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:10184 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
ALSA-2025:10074 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Content-Disposition header ignored when a file is included in an embed or object tag CVE-2025-6430 firefox: Use-after-free in FontFaceSet CVE-2025-6424 firefox:...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Content-Disposition header ignored when a file is included in an embed or object tag CVE-2025-6430 firefox: Use-after-free in FontFaceSet CVE-2025-6424 firefox:...
SUSE-SU-2025:02123-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to MozillaFirefox 128.12.0 MFSA 2025-23, bsc1244670: - CVE-2025-6424: Use-after-free in FontFaceSet - CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID - CVE-2025-6426: No warning when opening...
SUSE-SU-2025:02122-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to MozillaFirefox 128.12.0 MFSA 2025-23, bsc1244670: - CVE-2025-6424: Use-after-free in FontFaceSet - CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID - CVE-2025-6426: No warning when opening...
Mozilla Firefox < 140.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 140.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-51 advisory. - Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory...
Mozilla Firefox ESR < 115.25
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.25. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-52 advisory. - A use-after-free in FontFaceSet resulted in a potentially exploitable crash. CVE-2025-6424 - An attacke...