8 matches found
Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls
IDOR: Retrieval API Bypasses Knowledge Base Access Controls Author: Andrew Orr Summary validatecollectionaccess PR 22109 checks the user-memory- and file- collection name prefixes but does not check knowledge base collections, which use raw UUIDs as collection names. Any authenticated user who...
CVE-2026-33420
A flaw was found in Vaultwarden. A Manager-role user with limited access permissions can exploit a missing authorization check in the getorgcollectionsdetails endpoint. This vulnerability allows the user to retrieve sensitive information, including names, UUIDs, and user and group mappings for al...
CVE-2025-66630 Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure
Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...
EUVD-2025-23952
Malicious code in bioql PyPI...
UBUNTU-CVE-2023-53256
In the Linux kernel, the following vulnerability has been resolved: firmware: armffa: Fix FFA device names for logical partitions Each physical partition can provide multiple services each with UUID. Each such service can be presented as logical partition with a unique combination of VM ID and...
CVE-2025-40920 Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a strong cryptographic source for generating UUIDs. Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable...
Gentoo Security Advisory GLSA 201412-16
Gentoo Linux Local Security Checks GLSA 201412-16 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
CouchDB: Denial of service
Background Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database. Description CouchDB does not properly sanitize the count parameter for Universally Unique Identifiers UUID requests. Impact A remote attacker could send a specially crafted request to CouchDB,...