Lucene search
K

676 matches found

Vulnrichment
Vulnrichment
added 2026/06/25 3:51 p.m.7 views

CVE-2026-54029 LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId...

5.3CVSS5.8AI score0.00353EPSS
Exploits2References1
OSV
OSV
added 2026/06/24 5:38 p.m.4 views

GHSA-7FQ5-7WR8-RJWJ OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination

Summary OliveTin's template engine uses a single shared text/template.Template instance tpl package-level variable in service/internal/tpl/templates.go across all goroutines. Every action execution calls tpl.Parsesource followed by t.Execute on this shared instance with no synchronization. When t...

7.5CVSS6.1AI score0.00401EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 6:17 p.m.3 views

Security Bulletin: Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass

Summary An improper authorization vulnerability in Streamable MCP transport endpoint /api/v1/mcp/project/projectid/streamable allows unauthenticated attackers to bypass project ownership controls and execute Model Context Protocol MCP operations against OAuth-authenticated projects owned by other...

9.8CVSS6.1AI score0.00259EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/23 5:17 p.m.11 views

CVE-2026-55255

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

8.4CVSS0.0056EPSS
Exploits2References5
OSV
OSV
added 2026/06/23 4:49 p.m.3 views

CVE-2026-54009 Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the...

6.5CVSS6AI score0.00225EPSS
Exploits1References3
CVE
CVE
added 2026/06/23 4:49 p.m.32 views

CVE-2026-54009

CVE-2026-54009 affects Open WebUI prior to 0.9.6. The vulnerability arises in the image_url handling path: convert_url_images_to_base64 calls get_image_base64_from_url without a user context, and get_image_base64_from_url uses Files.get_file_by_id (no ownership check) to retrieve a file by ID. Th...

6.5CVSS5.9AI score0.00225EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 4:49 p.m.48 views

CVE-2026-54009 Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the...

6.5CVSS0.00225EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:48 p.m.44 views

CVE-2026-54010 Open WebUI: Forged chat-file link allows cross-user file read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary fileid values to their own chat message without checking whether they own or can read those files. If the attacker then shares...

8.3CVSS0.00241EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:48 p.m.17 views

CVE-2026-54010

CVE-2026-54010 affects Open WebUI prior to version 0.9.6. An authenticated user could attach arbitrary file_id values to their own chat messages without ownership/read checks, and then leverage a forged chat-file link to access or delete the victim’s file via shared-chat authorization. The root c...

8.3CVSS6AI score0.00241EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/23 4:48 p.m.3 views

CVE-2026-54010 Open WebUI: Forged chat-file link allows cross-user file read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary fileid values to their own chat message without checking whether they own or can read those files. If the attacker then shares...

8.3CVSS6AI score0.00241EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/23 4:47 p.m.47 views

CVE-2026-54012 Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the...

7.1CVSS0.00198EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:47 p.m.30 views

CVE-2026-54012

CVE-2026-54012 pertains to Open WebUI. Before version 0.9.6, a user with model-creation/update/import rights could attach forged meta.knowledge entries of type file to their model. The system then trusts these entries as authorization sources, enabling a cross-user read and deletion of private fi...

7.1CVSS6AI score0.00198EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/23 4:47 p.m.4 views

CVE-2026-54012 Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the...

7.1CVSS6AI score0.00198EPSS
Exploits1References3
CVE
CVE
added 2026/06/23 4:30 p.m.25 views

CVE-2026-33760

Langflow (pre-1.9.0) exposes an IDOR/BOLA vulnerability in the /api/v1/monitor router. Seven endpoints (including builds, messages, and transactions) allow read, write, and delete actions on user-owned resources without verifying ownership, enabling an attacker to access or modify another user’s ...

8.8CVSS5.9AI score0.00291EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 3:52 p.m.48 views

CVE-2026-45732 n8n: Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate ...

8.3CVSS0.00315EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 3:47 p.m.48 views

CVE-2026-54307 n8n: Credential Exfiltration via Permission Bypass

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to...

8.5CVSS0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 3:41 p.m.20 views

CVE-2026-54311

CVE-2026-54311 affects n8n, specifically multi-user instances where multiple users can create and run workflows containing the Merge node in SQL Query mode. The vulnerability arises because the sandbox context for the Merge node is cached and reused across all workflow executions on an instance, ...

7.7CVSS6AI score0.00316EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-51009

Name of the Vulnerable Software and Affected Versions gonic versions prior to 0.21.0 Description An authenticated Subsonic user can bypass ownership checks to read or delete playlists belonging to other users and probe arbitrary file paths on the host for existence or readability. This occurs...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References11
CVE
CVE
added 2026/06/17 5:4 p.m.36 views

CVE-2026-9678

Undici (node) vulnerability CVE-2026-9678: in shared-cache mode, the cache interceptor may misclassify responses as cacheable when Cache-Control uses whitespace-padded private/no-cache directives (e.g., private=" authorization" or no-cache="\tauthorization"). The whitespace is preserved by the pa...

5.9CVSS5.2AI score0.00374EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 2:15 p.m.21 views

Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion

Summary Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the referenced files. Open WebUI then treats meta.knowledge entries of type file as an authorization source in two...

7.1CVSS5.6AI score0.00198EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder