Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/05/14 8:28 p.m.9 views

Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion

Summary Any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/id when the target file is referenced in any shared chat. The hasaccesstofile authorization gate unconditionally grants access through its shared-chat branch. It checks neither the requesting...

8CVSS5.7AI score0.0027EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Tuist 安全漏洞

Tuist is an open-source platform for team collaboration and performance optimization in Swift application development. Tuist versions 1.180.8 and earlier have security vulnerabilities. These vulnerabilities stem from the DELETE endpoint not verifying whether the preview belongs to an item within...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.8 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the delete Endpoint component called...

7.5CVSS6.1AI score0.00487EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.6 views

PT-2026-24253

Name of the Vulnerable Software and Affected Versions StudioCMS versions prior to 0.4.0 Description StudioCMS is a server-side-rendered, Astro native, headless content management system. The DELETE /studiocms api/dashboard/api-tokens API endpoint, before version 0.4.0, allows authenticated users...

7.1CVSS5.8AI score0.00452EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2026/01/18 12:0 a.m.11 views

PT-2026-3381

Name of the Vulnerable Software and Affected Versions Sanluan PublicCMS versions up to 5.202506.d Description A flaw exists in Sanluan PublicCMS that allows for improper authorization. This issue is related to the delete function within the file...

8.1CVSS5.4AI score0.00394EPSS
Exploits1References10
Rows per page
Query Builder