12 matches found
Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion
Summary Open WebUI's prompt version-history endpoints authorize the promptid in the URL but then act on caller-supplied history IDs without verifying that the history row belongs to that prompt historyentry.promptid == prompt.id. Three operations are affected: - GET...
PT-2026-50487
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI contains an authorization flaw in its prompt version-history endpoints. While the system authorizes the prompt id provided in the URL, it fails to verify that the requested history...
CVE-2026-0909
The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wpulikedeletehistoryapi AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...
CVE-2026-0909
The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wpulikedeletehistoryapi AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...
WordPress plugin WP ULike 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
EUVD-2025-30787
Malicious code in bioql PyPI...
CVE-2024-9649
The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wpulikedeletehistoryapi function. This makes it possible for...
CVE-2024-9649
The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wpulikedeletehistoryapi function. This makes it possible for...
CVE-2023-32177
VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the...
CVE-2023-42951
The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user may be unable to delete browsing history items...
Apple iOS 和 iPadOS 安全漏洞
iPhone OS is the operating system developed by Apple for the iPhone and iPod touch. iPadOS is Apple's mobile operating system for iPad devices, which is based on iOS and optimized for iPad. A privacy disclosure vulnerability exists in Apple iPhone OS and iPadOS, which stems from the fact that use...
PT-2022-6848 · Unknown · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.7 XWiki Platform versions prior to 15.2RC1 XWiki Platform versions prior to 13.10.6 XWiki Platform versions prior to 14.4 Description: The XWiki Platform has a vulnerability that allows remote code...