7 matches found
CVE-2026-45671
Open WebUI vulnerability CVE-2026-45671 affects the shared-chat branch in the file authorization path. The has_access_to_file() gate unconditionally returns True for shared-chat references, ignoring the requesting user identity and the operation type. This allows any authenticated user to delete ...
Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion
Summary: Any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/id when the target file is referenced in any shared chat. The has_access_to_file authorization gate unconditionally grants access through its shared-chat branch. It checks neither the requesting...
CVE-2026-7500
CVE-2026-7500 affects Keycloak server when started with --features-disabled=account,account-api. Affected component: Account REST API under /account/v1alpha1. Root cause: five endpoints remain fully functional because they lack the checkAccountApiEnabled() gate that blocks four other endpoints in...
CVE-2013-3767
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite Access Gate 1.2.1 allows remote attackers to affect integrity via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite Access Gate 1.2.1 allows remote attackers to affect integrity via unknown vectors...
CVE-2013-3767
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite Access Gate 1.2.1 allows remote attackers to affect integrity via unknown vectors...
CVE-2013-3767
CVE-2013-3767 corresponds to an unspecified vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite Access Gate 1.2.1. The issue is remotely exploitable (the description does not state whether authentication is required), with integrity impact via unknown vectors. The vulnerability is listed in the ...