65 matches found

CVE
added 2026/05/15 8:59 p.m. · 6 views

CVE-2026-44567

Open WebUI improperly authorizes users with a pending role. The CVE describes that prior to v0.1.124 the API does not validate that a user has an authorized role, allowing a pending user to access endpoints intended for authenticated users. Technical details show get_current_user() validates JWTs...

CVSS 7.3 · AI score 5.8 · EPSS 0.00098
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2026/01/09 7:21 p.m. · 2 views

GHSA-78H3-63C4-5FQC WeKnora has Command Injection in MCP stdio test

Vulnerability Description --- Vulnerability Overview This issue is a command injection vulnerability (CWE-78) that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. The root causes are as...

CVSS 9.9 · AI score 7.6 · EPSS 0.00454
Exploits: 1 · References: 5
CVE
added 2025/11/18 10:04 a.m. · 12 views

CVE-2025-41346

CVE-2025-41346 pertains to WinPlus v24.11.27 from Informática del Este, where faulty authorization control allows impersonation of another user by simply knowing the numerical ID. The issue affects confidentiality, integrity, and availability of data stored in the application. Connected sources c...

CVSS 9.8 · AI score 6.3 · EPSS 0.00059
Exploits: 0 · References: 1 · Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2020-25893

Malware in sbrugna...

CVSS 4.3 · AI score 4.8 · EPSS 0.00119
Exploits: 0 · References: 3
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2018-7905

Malware in sbrugna...

CVSS 6.5 · AI score 6.5 · EPSS 0.00098
Exploits: 1 · References: 3
EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2025-1801

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.0025
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2021-29111

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 9.2 · EPSS 0.05743
Exploits: 0 · References: 1
Tenable Nessus
added 2025/08/30 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-13313

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to th...

CVSS 4.3 · AI score 5.2 · EPSS 0.00155
Exploits: 0 · References: 2
Packet Storm News
added 2025/06/22 12:00 a.m. · 2 views

Secure API-Driven Research Automation to Accelerate Scientific Discovery

The Secure Scientific Service Mesh (S3M) provides API-driven infrastructure to accelerate scientific discovery through automated research workflows. By integrating near real-time streaming capabilities, intelligent workflow orchestration, and fine-grained authorization within a service mesh...

AI score 7
Exploits: 0
RedhatCVE
added 2025/05/01 4:13 p.m. · 7 views

CVE-2025-40619

Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles...

CVSS 9.3 · AI score 6.9 · EPSS 0.0017
Exploits: 0 · References: 3
NVD
added 2025/04/29 4:15 p.m. · 14 views

CVE-2025-40619

Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles...

CVSS 9.3 · EPSS 0.0017
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/29 12:00 a.m. · 2 views

PT-2025-18177 · Bookgy · Bookgy

Name of the Vulnerable Software and Affected Versions: Bookgy affected versions not specified Description: The issue is related to a lack of proper authorization control in multiple areas of the Bookgy application. This deficiency could allow a malicious actor, without authentication, to reach...

CVSS 9.3 · AI score 6 · EPSS 0.0017
Exploits: 0 · References: 9
CNVD
added 2025/04/22 12:00 a.m. · 2 views

Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-09141)

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that stems from the lack of proper filtering of input in the internally used 'DeleteProject' method. An attacker could exploit th...

CVSS 8.8 · AI score 7.8 · EPSS 0.0004
Exploits: 0 · References: 1
Fedora
added 2025/01/27 1:39 a.m. · 10 views

[SECURITY] Fedora 41 Update: freeipa-4.12.2-7.fc41

IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration...

CVSS 5.5 · AI score 7.3 · EPSS 0.00016
Exploits: 0
NVD
added 2025/01/23 4:15 p.m. · 2 views

CVE-2025-0637

It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for other roles. The vulnerability has been...

CVSS 9.8 · EPSS 0.0025
Exploits: 0 · References: 1
CVE
added 2025/01/23 3:26 p.m. · 35 views

CVE-2025-0637

CVE-2025-0637 describes an inadequate authorization control in Beta10, allowing unauthenticated actors to access private or restricted areas via the /app/tools.html endpoint. The issue is concrete: missing authorization checks in Beta10 software (no specifics on affected versions in the initial d...

CVSS 9.8 · AI score 9.4 · EPSS 0.0025
Exploits: 0 · References: 1
Cvelist
added 2025/01/02 11:59 a.m. · 11 views

CVE-2023-44258 WordPress Schema App Structured Data plugin <= 1.23.1 - Broken Access Control + CSRF vulnerability

Missing Authorization vulnerability in vberkel Schema App Structured Data (schema-app-structured-data-for-schemaorg) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Schema App Structured Data: from n/a through <= 1.23.1...

CVSS 5.3 · EPSS 0.00176
Exploits: 0 · References: 1
CNVD
added 2024/11/26 12:00 a.m. · 5 views

Horovod Remote Code Execution Vulnerability

Horovod is an open source distributed deep learning training framework designed to improve the training efficiency and scalability of large-scale deep learning models. Horovod suffers from a remote code execution vulnerability that can be exploited by an attacker to execute arbitrary code on a...

CVSS 9.8 · AI score 8.7 · EPSS 0.0041
Exploits: 2 · References: 1
NVD
added 2024/11/04 2:15 p.m. · 12 views

CVE-2024-45164

Akamai SIA (Secure Internet Access) Enterprise ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticat...

CVSS 7.1 · EPSS 0.00167
Exploits: 1 · References: 2
CVE
added 2024/11/04 12:00 a.m. · 45 views

CVE-2024-45164

Akamai SIA ThreatAvert (SPS) and Apps Portal suffer an authorization issue on the ThreatAvert Policy admin page. An authenticated user can directly access the /#app/intelligence/threatAvertPolicies URI and disable policy enforcement. Concrete details from connected sources: affected products are ...

CVSS 7.1 · AI score 7 · EPSS 0.00167
Exploits: 1 · References: 2 · Affected Software: 1