36 matches found

CNNVD
added 2026/05/15 12:0 a.m. · 5 views

Open WebUI security vulnerability

Open WebUI is an open-source, scalable, feature-rich, and user-friendly self-hosted WebUI. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the POST /api/v1/models/import endpoint, which allowed users with the workspace.models.import...

CVSS 6.5 · AI score 5.8 · EPSS 0.00011
Exploits 1 · References 1
RedhatCVE
added 2026/04/15 7:24 p.m. · 2 views

CVE-2026-40191

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization (FAA) rules and App Jail...

CVSS 6.8 · AI score 5.8 · EPSS 0.00017
Exploits 0 · References 1
Positive Technologies
added 2026/04/10 12:0 a.m. · 3 views

PT-2026-32041

Name of the Vulnerable Software and Affected Versions: ClearanceKit versions prior to 5.0.4-beta-1f46165. Description: ClearanceKit monitors file system access on macOS and applies access policies per process. Before version 5.0.4-beta-1f46165, the Endpoint Security event handler only verified the...

CVSS 6.8 · AI score 5.8 · EPSS 0.00017
Exploits 0 · References 5
CNVD
added 2026/04/10 12:0 a.m. · 0 views

Discourse authorization issue vulnerability (CNVD-2026-17262)

Discourse is an open source community discussion platform by Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse is vulnerable to an authorization issue. The vulnerability stems from the fact that a user who loses access to a topic can stil...

CVSS 6.3 · AI score 5.7 · EPSS 0.00049
Exploits 0
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2014-0713

Malware in sbrugna...

CVSS 4.9 · AI score 6.4 · EPSS 0.00814
Exploits 0 · References 7
CVE
added 2025/08/01 4:2 a.m. · 14 views

CVE-2025-8434

CVE-2025-8434 affects Code-projects Online Movie Streaming 1.0. The vulnerability is in an unknown function within /admin.php where manipulating the ID parameter leads to missing authorization, enabling remote exploitation. The exploit has been publicly disclosed. Connected documents provide no p...

CVSS 7.5 · AI score 7.2 · EPSS 0.00269
Exploits 1 · References 5 · Affected Software 1
NVD
added 2025/07/22 1:15 a.m. · 2 views

CVE-2025-7947

A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. It is possible to launch the attack remotely. The exploit has...

CVSS 8.1 · EPSS 0.00412
Exploits 1 · References 4
Cvelist
added 2025/06/27 1:21 p.m. · 11 views

CVE-2025-53304 WordPress Contact Form – 7 : Hide Success Message plugin <= 1.1.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Rohil Contact Form – 7 : Hide Success Message contact-form-7-hide-success-message allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Contact Form – 7 : Hide Success Message: from n/a through <= 1.1.4...

CVSS 5.3 · EPSS 0.00229
Exploits 0 · References 1
Vulnrichment
added 2025/04/16 5:38 p.m. · 5 views

CVE-2025-32862

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

CVSS 8.8 · AI score 7.8 · EPSS 0.00054
Exploits 0 · References 1
CVE
added 2025/04/16 5:38 p.m. · 54 views

CVE-2025-32856

Summary: CVE-2025-32856 affects Siemens TeleControl Server Basic before v3.1.2.2. The vulnerability is an SQL injection in the internal LockBufferingSettings path (and related methods listed in advisories) that can let an authenticated remote attacker bypass authorization, read/write the applica...

CVSS 8.8 · AI score 8.1 · EPSS 0.00054
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/04/01 12:0 a.m. · 2 views

PT-2025-15259 · General · Kraken Stress Testing Toolkit

The vulnerability in Kraken Stress Testing Toolkit, a load-testing tool for SIEM systems, is caused by flaws in the authorization procedure. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVSS 4.6 · AI score 7.3
Exploits 0 · References 2
Tenable Nessus
added 2024/05/11 12:0 a.m. · 57 views

RHEL 9 : redis (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - redis: heap overflow in the lua cjson and cmsgpack libraries CVE-2022-24834 - Redis is an in-memory...

AI score 7.3 · EPSS 0.45527
Exploits 1 · References 3
Tenable Nessus
added 2023/09/16 12:0 a.m. · 24 views

Fedora 37 : redis (2023-0e9e7544df)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0e9e7544df advisory. Redis 7.0.13 Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: See security fixes below. Security Fixes CVE-2023-41053 Redis does not...

CVSS 3.3 · AI score 7 · EPSS 0.00824
Exploits 0 · References 2
Redos
added 2023/06/15 12:0 a.m. · 17 views

ROS-20230615-02

The vulnerability of the OpenSearch software package is related to the implementation of detailed access control rules (document-level security, field-level security, and field masking) when they were incorrectly applied to queries during extremely rare runtime conditions. Exploitation of the of th...

CVSS 5.9 · AI score 5.9 · EPSS 0.00331
Exploits 0
Veracode
added 2023/05/15 6:0 a.m. · 20 views

Race Condition

org.opensearch.plugin:opensearch-security is vulnerable to a Race Condition. Improper access authorization can occur from an exceedingly rare race condition in the application, which results in the failure to apply the fine-grained access control rules to queries. When the query cache eviction occurs...

CVSS 5.9 · AI score 6.8 · EPSS 0.00331
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/05/09 9:25 p.m. · 21 views

GHSA-G8XC-6MF7-H28H OpenSearch issue with fine-grained access control during extremely rare race conditions

Impact: There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions, potentially leading to incorrect access authorization. Fo...

CVSS 4.8 · AI score 5.3 · EPSS 0.00331
Exploits 0 · References 3
OSV
added 2023/03/07 8:4 p.m. · 21 views

GHSA-WMX7-X4JP-9JGG OpenSearch has issue with fine-grained access control of indices backing data streams

Impact: There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams, potentially leading to incorrect access authorization. This issue can on...

CVSS 6.3 · AI score 6.2 · EPSS 0.002
Exploits 0 · References 4
Cvelist
added 2023/02/03 12:0 a.m. · 16 views

CVE-2022-42909

WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don't own and print them without authorization. In order to...

CVSS 6.5 · AI score 6.6 · EPSS 0.00198
Exploits 0 · References 2
CNNVD
added 2022/11/15 12:0 a.m. · 2 views

OpenSearch Project security vulnerability

OpenSearch Project is a community-driven, Apache 2.0 licensed open source search and analytics suite that makes it easy to access, search, visualize and analyze data. A security vulnerability exists in OpenSearch Project versions prior to 1.3.7 and 2.x versions prior t...

CVSS 6.3 · AI score 6.4 · EPSS 0.002
Exploits 0 · References 4
Debian CVE
added 2022/11/15 12:0 a.m. · 14 views

CVE-2022-41918

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams...

CVSS 6.3 · AI score 6.4 · EPSS 0.002
Exploits 0