
8 matches found

Github Security Blog
added 2026/05/14 8:26 p.m., 12 views

Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls

IDOR: Retrieval API Bypasses Knowledge Base Access Controls. Author: Andrew Orr. Summary: validatecollectionaccess (PR 22109) checks the user-memory- and file- collection name prefixes but does not check knowledge base collections, which use raw UUIDs as collection names. Any authenticated user who...

CVSS 7.5, AI score 5.9, EPSS 0.00331
Exploits: 1, References: 5, Affected Software: 1
RedhatCVE
added 2026/05/08 11:24 a.m., 8 views

CVE-2026-33420

A flaw was found in Vaultwarden. A Manager-role user with limited access permissions can exploit a missing authorization check in the getorgcollectionsdetails endpoint. This vulnerability allows the user to retrieve sensitive information, including names, UUIDs, and user and group mappings for al...

CVSS 5.3, AI score 5.6, EPSS 0.0017
Exploits: 0, References: 2
Cvelist
added 2026/02/09 6:04 p.m., 27 views

CVE-2025-66630 Fiber insecurely falls back in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express-inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

CVSS 9.2, EPSS 0.00471
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2025-23952

Malicious code in bioql PyPI...

CVSS 3.7, AI score 6.6, EPSS 0.00218
Exploits: 0, References: 2
OSV
added 2025/09/15 3:15 p.m., 5 views

UBUNTU-CVE-2023-53256

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Fix FFA device names for logical partitions. Each physical partition can provide multiple services, each with a UUID. Each such service can be presented as a logical partition with a unique combination of VM ID and...

CVSS 5.5, AI score 5.7, EPSS 0.00136
Exploits: 0, References: 7
Vulnrichment
added 2025/08/11 8:19 p.m., 2 views

CVE-2025-40920 Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a strong cryptographic source for generating UUIDs. Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable...

AI score 6, EPSS 0.00388
Exploits: 0, References: 6
OpenVAS
added 2015/09/29 12:00 a.m., 18 views

Gentoo Security Advisory GLSA 201412-16

Gentoo Linux Local Security Checks GLSA 201412-16. SPDX-FileCopyrightText: 2015 Eero Volotinen. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. ifdescription...

CVSS 5, AI score 5.1, EPSS 0.22289
Exploits: 1, References: 1
Gentoo Linux
added 2014/12/13 12:00 a.m., 36 views

CouchDB: Denial of service

Background: Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database. Description: CouchDB does not properly sanitize the count parameter for Universally Unique Identifier (UUID) requests. Impact: A remote attacker could send a specially crafted request to CouchDB,...

CVSS 5, AI score 6.4, EPSS 0.22289
Exploits: 1