40 matches found
PT-2026-41189
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.5 Description: An issue exists where users granted read access to a model can also read the model's system prompt, which may contain confidential information. This occurs because the workspace model edit page...
CVE-2023-49241
API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality...
EUVD-2023-48465
Malicious code in bioql PyPI...
EUVD-2025-15867
Malicious code in bioql PyPI...
EUVD-2025-12103
Malicious code in bioql PyPI...
EUVD-2023-53244
Malicious code in bioql PyPI...
Security Bulletin: IBM OpenPages API permission security fixes
Summary: Security fixes for a set of APIs that allowed unprivileged users to access sensitive information have been included in the latest IBM OpenPages fix packs for both versions 9.0 and 8.3. Vulnerability Details: CVEID: CVE-2025-1112 DESCRIPTION: IBM OpenPages with Watson could allow an...
Mattermost allows guest users to view information about public teams they are not members of
Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...
CVE-2023-52106
Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability...
CVE-2023-36387
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections...
CVE-2025-48391
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API...
CVE-2025-48391
CVE-2025-48391 affects JetBrains YouTrack before 2025.1.76253. The root cause is missing permission checks in the API, enabling deletion of issues. Connected sources (PT-2025-22284, CNVD-2025-11397, Red Hat CVE, NVD) corroborate the same impact and affected version range. Practical impact is dele...
PT-2025-22284 · Jetbrains · Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2025.1.76253 Description: The issue is related to missing permission checks in the API, which allowed deletion of issues. Recommendations: For versions prior to 2025.1.76253, update to version 2025.1.76253...
Code injection
The DownloadProviderMain module has a vulnerability in API permission verification. Successful exploitation of this vulnerability may affect integrity and availability...
PT-2024-14403 · Unknown · Downloadprovidermain
Name of the Vulnerable Software and Affected Versions: DownloadProviderMain module affected versions not specified Description: The issue concerns a vulnerability in permission verification for APIs within the DownloadProviderMain module. Successful exploitation of this vulnerability may affect...
CVE-2023-44106
API permission management vulnerability in the Fwk-Display module. Successful exploitation of this vulnerability may cause features to perform abnormally...