Lucene search
K

8 matches found

NVD
NVD
added 2026/07/07 11:16 p.m.6 views

CVE-2026-59704

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generatio...

7.1CVSS0.00216EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/07/07 10:18 p.m.4 views

CVE-2026-59704 Cap - Missing Access Control in Video AI Metadata Endpoint

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generatio...

7.1CVSS6AI score0.00216EPSS
Exploits0References5
OSV
OSV
added 2026/03/27 7:10 a.m.7 views

BIT-DISCOURSE-2026-32114 Discourse's unscoped status lookups leak restricted metadata

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their identifiers. Th...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 6:8 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the save.json.php process. An attacker can access and exfiltrate confidential AI-generated metadata and...

5.3CVSS5.9AI score0.00214EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-32114

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...

5.3CVSS5.7AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/20 3:13 a.m.5 views

EUVD-2026-13526

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...

5.3CVSS5.7AI score0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 3:13 a.m.4 views

CVE-2026-32114

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...

5.3CVSS5.7AI score0.00211EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.9 views

PT-2026-26549

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References4
Rows per page
Query Builder