Lucene search
K

31 matches found

NVD
NVD
added 2026/06/23 6:18 p.m.15 views

CVE-2026-54016

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization BOLA vulnerability in the builtin searchknowledgefiles tool. When native function calling is enabled and the selected model has no...

4.3CVSS0.00226EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.34 views

CVE-2026-38530

A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

8.1CVSS0.00351EPSS
Exploits2References2
CVE
CVE
added 2026/04/14 12:0 a.m.20 views

CVE-2026-38529

CVE-2026-38529 describes a Broken Object-Level Authorization (BOLA) in the Webkul Krayin CRM v2.2.x product. The vulnerability is located in the /Settings/UserController.php endpoint and allows authenticated attackers to arbitrarily reset user passwords and achieve full account takeover by sendin...

8.8CVSS5.8AI score0.00624EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2026/04/14 12:0 a.m.12 views

CVE-2026-38530

CVE-2026-38530 describes a Broken Object-Level Authorization (BOLA) in the Webkul Krayin CRM v2.2.x, specifically in the /Controllers/Lead/LeadController.php endpoint. The authenticated user can read, modify, and permanently delete any lead owned by other users by sending a crafted GET request. T...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/08 12:55 a.m.14 views

CVE-2025-63783

A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

7.6CVSS6.8AI score0.00284EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-54316

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00268EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54317

Malicious code in bioql PyPI...

7.6CVSS6.6AI score0.00289EPSS
Exploits1References2
Wallarm Lab
Wallarm Lab
added 2025/03/31 12:25 p.m.9 views

Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk

Despite advancements in API security, access control vulnerabilities, such as broken object-level authentication BOLA and broken function-level authentication BFLA, remain almost impossible to detect. This blog will explore why these vulnerabilities are so difficult to detect, the limitations of...

8.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/29 12:25 a.m.20 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

3.1CVSS7.1AI score0.00237EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/29 12:24 a.m.18 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

7.6CVSS7.1AI score0.00289EPSS
Exploits1References1
NVD
NVD
added 2025/03/27 8:15 p.m.14 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

3.1CVSS0.00237EPSS
Exploits1References2
NVD
NVD
added 2025/03/27 7:15 p.m.14 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

7.6CVSS0.00289EPSS
Exploits1References2
OSV
OSV
added 2025/03/27 7:15 p.m.7 views

CVE-2024-55072

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

5.4CVSS6.7AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/27 12:0 a.m.10 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

7.4AI score0.00289EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/27 12:0 a.m.7 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

3.9AI score0.00237EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/27 12:0 a.m.18 views

CVE-2024-55072

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

0.00268EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/27 12:0 a.m.11 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

0.00237EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/27 12:0 a.m.22 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

0.00289EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/27 12:0 a.m.9 views

CVE-2024-55072

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

5.5AI score0.00268EPSS
Exploits1References2
CVE
CVE
added 2025/03/27 12:0 a.m.54 views

CVE-2024-55070

CVE-2024-55070 affects hay-kot mealie v2.2.0. The vulnerability is a Broken Object Level Authorization in the component at /households/permissions, enabling group managers to edit their own permissions. Documented impact is limited to this privilege escalation vector (group managers changing thei...

3.1CVSS6.5AI score0.00237EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder