Lucene search
+L

7 matches found

osv
osv
added 2026/04/20 11:3 p.m.2 views

CVE-2026-34082 Dify has IDOR in deleting someone else's chat conversation

Dify is an open-source LLM app development platform. Prior to 1.13.1, the method DELETE /console/api/installed-apps//conversations/ has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue...

5.3CVSS5.9AI score0.00188EPSS
Exploits1References4
nvd
nvd
added 2026/01/14 7:16 p.m.11 views

CVE-2026-23477

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

7.7CVSS0.00306EPSS
Exploits1References1
osv
osv
added 2026/01/14 6:16 p.m.9 views

CVE-2026-23477 Rocket.Chat Unauthorized Access to OAuth App Details

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

7.7CVSS6.4AI score0.00306EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/01/14 12:0 a.m.14 views

PT-2026-2940

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

7.7CVSS6.5AI score0.00306EPSS
Exploits1References2
thn
thn
added 2025/10/01 1:27 p.m.9 views

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management IAM solution that, if successfully exploited, could expose sensitive OpenID Connect OIDC application client secrets under certain circumstances. The vulnerability, tracked as CVE-2025-5936...

7.7CVSS6.2AI score0.00303EPSS
Exploits0
hackerone
hackerone
added 2020/12/28 10:56 p.m.202 views

h1-ctf: Hacky Holidays Writeup

On December 12th, 2020, the CTF became live and the scope that we are allowed to attack was In Scope Domain - hackyholidays.h1ctf.com Our main motive was to infiltrate his network and take him down. The challenges appeared one by one till 24th of December. Here we will be going through all the...

6.9AI score
Exploits0
osv
osv
added 2019/08/12 10:15 p.m.3 views

CVE-2019-14976

iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter...

6.1CVSS6.3AI score0.00826EPSS
Exploits1References1
Rows per page
Query Builder