
17 matches found

NVD
added 2026/05/15 9:16 p.m. | 9 views

CVE-2026-45672

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is...

8.8 CVSS | 0.00079 EPSS
Exploits: 2 | References: 1
EUVD
added 2026/05/15 8:55 p.m. | 8 views

EUVD-2026-30638

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is...

8.8 CVSS | 6 AI score | 0.00079 EPSS
Exploits: 2 | References: 1
Positive Technologies
added 2026/05/02 12:0 a.m. | 4 views

PT-2026-36569

Name of the Vulnerable Software and Affected Versions: User Verification by PickPlugins versions prior to 2.0.47. Description: The User Verification by PickPlugins plugin for WordPress allows unauthenticated attackers to log in as any user with a verified email address, including administrators. Thi...

9.8 CVSS | 5.8 AI score | 0.0011 EPSS
Exploits: 1 | References: 16
CNNVD
added 2026/04/15 12:0 a.m. | 3 views

SailPoint IdentityIQ Security Vulnerability

SailPoint IdentityIQ is a security software developed by SailPoint Corporation. It provides credit monitoring, identity protection, and antivirus features. There are security vulnerabilities in versions of SailPoint IdentityIQ prior to version 8.5p2, 8.4, and 8.4p4. These vulnerabilities stem fro...

8.4 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/04/02 12:0 a.m. | 4 views

Keycloak Security Vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability arises from verified users with the UMA protection role being able to bypass UMA policy verification. This could allow attackers to include...

8.1 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 1 | References: 6
CNNVD
added 2026/03/16 12:0 a.m. | 4 views

ZKTeco ZKAccess Professional Security Vulnerability

ZKTeco ZKAccess Professional is an access control software developed by ZKTeco Technology ZKTeco in China. Version 3.5.3 of ZKTeco ZKAccess Professional contains a security vulnerability. This vulnerability stems from insecure file permissions, which may allow verified users to elevate their...

8.8 CVSS | 5.8 AI score | 0.0003 EPSS
Exploits: 1 | References: 6
CNNVD
added 2026/03/12 12:0 a.m. | 2 views

Backstage Information Disclosure Vulnerability

Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 3.1.5 contained a vulnerability related to information leakage. This vulnerability occurred because verified users with permission to conduc...

6.5 CVSS | 5.8 AI score | 0.00037 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/03/11 12:0 a.m. | 4 views

OpenEMR Security Vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained security...

8.1 CVSS | 5.8 AI score | 0.00147 EPSS
Exploits: 1 | References: 1
CNNVD
added 2026/03/06 12:0 a.m. | 3 views

OliveTin Security Vulnerability

OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin prior to 300.11.1 contained security vulnerabilities. These vulnerabilities were due to authorization flaws, which could allow verified users with the view: false permission to enumerate bindings and metadata...

6.5 CVSS | 7.3 AI score | 0.00021 EPSS
Exploits: 1 | References: 4
CNNVD
added 2026/03/06 12:0 a.m. | 2 views

OliveTin Security Vulnerability

OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin prior to 3.00.11.1 contained security vulnerabilities. These vulnerabilities were caused by authentication context confusion in the RestartAction, which could allow low-privilege verified users to perform...

5.3 CVSS | 7.3 AI score | 0.00091 EPSS
Exploits: 1 | References: 4
CNNVD
added 2026/02/10 12:0 a.m. | 4 views

SAP ABAP Platform Security Vulnerability

SAP ABAP Platform is an ABAP-based SAP solution developed by the German company SAP. There is a security vulnerability in SAP ABAP Platform, which stems from the unauthorized activation of functional modules that fail to perform necessary authorization checks on verified users. This vulnerability...

5 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits: 0 | References: 3
Wired Threat Level
added 2026/01/09 3:19 p.m. | 2 views

X Didn’t Fix Grok's ‘Undressing’ Problem. It Just Makes People Pay for It

X is allowing only “verified” users to create images with Grok. Experts say it represents the “monetization of abuse”—and anyone can still generate images on Grok’s app and website...

6.9 AI score
Exploits: 0
OSV
added 2025/10/16 9:15 a.m. | 5 views

CVE-2025-41410

Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...

5.4 CVSS | 7 AI score
Exploits: 0 | References: 1
CVE
added 2024/05/27 5:7 p.m. | 77 views

CVE-2024-35237

MIT IdentiBot is affected by a vulnerability in versions prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e (Node.js-based open-source Discord bot). The flaw allows any user on a public Discord application to join a server and execute slash and user commands without server authorization che...

7.5 CVSS | 7.7 AI score | 0.00126 EPSS
Exploits: 0 | References: 2
The Hacker News
added 2023/05/11 5:31 a.m. | 25 views

Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users

Twitter is officially beginning to roll out support for encrypted direct messages (DMs) on the platform, more than five months after its chief executive Elon Musk confirmed plans for the feature in November 2022. The "Phase 1" of the initiative will appear as separate conversations alongside existi...

6.6 AI score
Exploits: 0
The Hacker News
added 2023/05/11 5:31 a.m. | 3 views

Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users

Twitter is officially beginning to roll out support for encrypted direct messages (DMs) on the platform, more than five months after its chief executive Elon Musk confirmed plans for the feature in November 2022. The "Phase 1" of the initiative will appear as separate conversations alongside existi...

6.3 AI score
Exploits: 0
Kitploit
added 2017/10/29 9:13 p.m. | 15 views

Tweep - An Advanced Twitter Scraping Tool

Tweep is an advanced Twitter scraping tool written in Python that allows for scraping Tweets and pictures from Twitter profiles without using Twitter's API. Benefits: Some of the benefits of using Tweep vs Twitter API: fast initial setup; can be used anonymously; no rate limitations; can fetch all...

7.1 AI score
Exploits: 0 | References: 1