CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

GHSA-G8RR-7RJ2-F627 praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}

Summary Type: Authorization bypass enabling destructive action. The DELETE /workspaces/workspaceid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member of the workspace can issue a single DELETE to wipe the entire workspace, including every project,...

8.1CVSS5.8AI score

Exploits0References2

Github Security Blog•added 3 days ago•10 views

praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}

5.8AI score

Exploits0References2Affected Software1

Positive Technologies•added 3 days ago•9 views

PT-2026-45485

Summary Type: Authorization bypass enabling destructive action. The DELETE /workspaces/workspace id endpoint is gated only by require workspace memberworkspace id default min role="member". Any member of the workspace can issue a single DELETE to wipe the entire workspace, including every project...

8.1CVSS5.8AI score

Exploits0References3

PyPA•added 2026/01/05 6:15 p.m.•7 views

PYSEC-2026-116

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mutation...

9.1CVSS5.8AI score0.00123EPSS

Exploits0References1Affected Software1

NVD•added 2026/01/05 6:15 p.m.•4 views

CVE-2025-61781

9.1CVSS0.00123EPSS

Exploits0References1

OSV•added 2026/01/05 6:15 p.m.•3 views

PYSEC-2026-116

9.1CVSS5.8AI score0.00123EPSS

Exploits0References1

EUVD•added 2026/01/05 5:53 p.m.•2 views

EUVD-2025-206242

7.1CVSS6AI score0.00123EPSS

Exploits0References1

CVE•added 2026/01/05 5:53 p.m.•10 views

CVE-2025-61781

OpenCTI prior to 6.8.1 is affected by an authorization flaw in the GraphQL mutation WorkspacePopoverDeletionMutation, which allows an authenticated user to delete workspace objects (dashboards, investigation cases) belonging to other users. The API does not verify ownership, enabling unauthorized...

9.1CVSS6.2AI score0.00123EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/01/05 5:53 p.m.•5 views

CVE-2025-61781 GraphQL IDOR allows authenticated user to delete workspace content of other users

7.1CVSS6.2AI score0.00123EPSS

Exploits0References1

OSV•added 2026/01/05 5:53 p.m.•3 views

CVE-2025-61781 GraphQL IDOR allows authenticated user to delete workspace content of other users

7.1CVSS6.4AI score0.00123EPSS

Exploits0References3

Cvelist•added 2026/01/05 5:53 p.m.•28 views

CVE-2025-61781 GraphQL IDOR allows authenticated user to delete workspace content of other users

7.1CVSS0.00123EPSS

Exploits0References1

Positive Technologies•added 2026/01/05 12:0 a.m.•3 views

PT-2026-1316

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 6.8.1 Description OpenCTI is a platform for managing cyber threat intelligence. A flaw exists in the WorkspacePopoverDeletionMutation GraphQL mutation where insufficient authorization checks allow users to delete...

9.1CVSS6.3AI score0.00123EPSS

Exploits0References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by