
5 matches found

Snyk
added 2026/05/14 8:25 p.m. · 6 views

Authorization Bypass Through User-Controlled Key

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the updatemessagebyid and deletemessagebyid handlers in channels.py. An attacker can overwrite or remove another member’s group or direct message conte...

CVSS 5.3 · AI score 5.8 · EPSS 0.00204
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-22333

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.4 · EPSS 0.00225
Exploits: 1 · References: 1
NVD
added 2025/07/22 3:15 p.m. · 3 views

CVE-2025-51862

Insecure Direct Object Reference (IDOR) vulnerability in TelegAI (telegai.com) through 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper with other users' conversations. Additionally, malicious content and XSS payloads can be injected, leading to phishing attacks, user spoofing and...

CVSS 6.1 · EPSS 0.00225
Exploits: 1 · References: 1
Positive Technologies
added 2025/07/22 12:0 a.m. · 3 views

PT-2025-30420 · Telegai · Telegai

Name of the Vulnerable Software and Affected Versions: TelegAI versions through 2025-05-26
Description: An Insecure Direct Object Reference (IDOR) vulnerability exists in the chat component of TelegAI. This allows an attacker to tamper with other users' conversations. Additionally, malicious conten...

CVSS 6.1 · AI score 5.4 · EPSS 0.00225
Exploits: 1 · References: 3
GithubExploit
added 2025/07/19 12:19 p.m. · 175 views

Exploit for CVE-2025-51862

CVE-2025-51862 Vulnerability description TelegAI, a web...

CVSS 6.1 · AI score 6.4 · EPSS 0.00269
Exploits: 2