Lucene search
K

578 matches found

Github Security Blog
Github Security Blog
added 2026/05/08 7:43 p.m.16 views

Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access Affected Component Socket.IO session state and role-check callsites: - backend/openwebui/socket/main.py lines 330-351, connect handler — role snapshotted into SESSIONPOOL - backend/openwebui/socket/main.py lin...

8.1CVSS5.8AI score0.00284EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/05/08 7:43 p.m.10 views

GHSA-45M8-CPM2-3V65 Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access Affected Component Socket.IO session state and role-check callsites: - backend/openwebui/socket/main.py lines 330-351, connect handler — role snapshotted into SESSIONPOOL - backend/openwebui/socket/main.py lin...

8.1CVSS5.8AI score0.00284EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.22 views

PT-2026-39270

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Administrative role changes and user deletions do not invalidate the SESSION POOL in-memory dictionary. When a user connects via Socket.IO, their role is snapshotted into this pool. Because the...

8.1CVSS5.8AI score0.00284EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/05/06 9:41 p.m.8 views

Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code Execution by admin users

Summary Multiple classes evaluate Spring Expression Language SpEL expressions from user-supplied input using StandardEvaluationContext, which provides unrestricted access to Java types and methods. An authenticated user with the ADMIN role can achieve Remote Code Execution and credential...

9.1CVSS6AI score0.00576EPSS
Exploits0References3Affected Software3
Snyk
Snyk
added 2026/05/05 5:51 p.m.14 views

Server-side Request Forgery (SSRF)

Overview edx-enterprise is a Your project description goes here Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the syncproviderdata function. An attacker can cause the server to make arbitrary HTTP requests to internal or external resources by supplying a...

8.5CVSS5.9AI score0.00301EPSS
Exploits1References2
CVE
CVE
added 2026/04/21 11:41 p.m.40 views

CVE-2026-41133

The CVE concerns pyLoad (Python download manager). Affected: versions up to 0.5.0b3.dev97. Root cause: the session cache stores user role/permissions at login and continues to authorize requests using these cached values even after an admin changes the user’s role/permissions in the database. Thi...

8.8CVSS5.7AI score0.00325EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/15 3:17 p.m.3 views

CVE-2026-20203 Improper Access Control in Data Model Acceleration in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the admin or power Splunk roles, has write permission on...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 3:17 p.m.19 views

CVE-2026-20203

CVE-2026-20203 describes improper access control in Data Model Acceleration for Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127. A low-privilege user ...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.6 views

PT-2026-33065

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the admin or power Splunk roles, has write permission on...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.7 views

PT-2026-33067

Name of the Vulnerable Software and Affected Versions Splunk MCP Server app versions prior to 1.0.3 Description A user with a role that has access to the Splunk internal index or the high-privilege capability mcp tool admin can view user session and authorization tokens in clear text. This issue...

7.2CVSS6AI score0.00278EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/14 9:37 p.m.6 views

CVE-2026-40291 Chamilo LMS has Privilege Escalation via API User Role Modification

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an insecure direct object modification vulnerability in the PUT /api/users/id endpoint allows any authenticated user with ROLESTUDENT to escalate their privileges to ROLEADMIN by modifying the roles field o...

8.8CVSS5.9AI score0.00316EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 9:37 p.m.11 views

CVE-2026-40291

Chamilo LMS exposes an insecure direct object modification in PUT /api/users/{id} prior to version 2.0.0-RC.3, allowing any authenticated user with ROLE_STUDENT to escalate to ROLE_ADMIN by modifying their own roles field. The API Platform check is_granted('EDIT', object) only verifies ownership,...

8.8CVSS5.9AI score0.00316EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.11 views

PT-2026-41203

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description LDAP and OAuth authentication flows use a Time-of-Check-Time-of-Use TOCTOU pattern—a race condition where a system checks a condition and then uses the result of that check, but the condition...

8.1CVSS5.8AI score0.00354EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2026/04/06 11:24 p.m.5 views

SUSE CVE-2026-34389

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...

7.1CVSS5.9AI score0.00184EPSS
Exploits0References3
OSV
OSV
added 2026/04/03 9:59 p.m.6 views

GHSA-53MR-6C8Q-9789 LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint

Impact The /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following: - Modify proxy configuration and environment variables - Register custom pass-through endpoint handlers pointing to...

8.7CVSS6.3AI score0.26409EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/04/03 4:59 p.m.3 views

CVE-2026-33950

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...

9.4CVSS5.9AI score0.00418EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-30278

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.83.0 Description LiteLLM is a proxy server for LLM APIs. The /config/update API endpoint did not enforce admin role authorization, allowing authenticated users to modify proxy configurations and environment variable...

8.8CVSS6.5AI score0.26409EPSS
Exploits2References14
NVD
NVD
added 2026/04/02 5:16 p.m.7 views

CVE-2026-33950

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...

9.4CVSS0.00418EPSS
Exploits1References2
CVE
CVE
added 2026/04/02 4:8 p.m.10 views

CVE-2026-33950

SignalK server (signalk-server) is affected. Before version 2.24.0-beta.4, there is a privilege escalation via Admin Role Injection through /enableSecurity. An unauthenticated attacker can gain full Administrator access to the server, potentially modifying vessel routing data, server configuratio...

9.4CVSS5.8AI score0.00418EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:8 p.m.5 views

CVE-2026-33950

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...

9.4CVSS5.8AI score0.00418EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder