Lucene search
K

12 matches found

Github Security Blog
Github Security Blog
added 2026/06/17 2:16 p.m.11 views

Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion

Summary Open WebUI's prompt version-history endpoints authorize the promptid in the URL but then act on caller-supplied history IDs without verifying that the history row belongs to that prompt historyentry.promptid == prompt.id. Three operations are affected: - GET...

6.4CVSS5.6AI score0.00169EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50487

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI contains an authorization flaw in its prompt version-history endpoints. While the system authorizes the prompt id provided in the URL, it fails to verify that the requested history...

6.4CVSS5.9AI score0.00169EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.5 views

CVE-2026-0909

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wpulikedeletehistoryapi AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...

5.3CVSS5.5AI score0.00338EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 3:24 a.m.3 views

CVE-2026-0909

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wpulikedeletehistoryapi AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...

5.3CVSS5.5AI score0.00338EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.12 views

WordPress plugin WP ULike 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00338EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2025-30787

Malicious code in bioql PyPI...

7.7CVSS6.3AI score0.00215EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 8:13 a.m.6 views

CVE-2024-9649

The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wpulikedeletehistoryapi function. This makes it possible for...

4.3CVSS5.2AI score0.00207EPSS
Exploits0References1
OSV
OSV
added 2024/10/16 2:15 a.m.2 views

CVE-2024-9649

The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wpulikedeletehistoryapi function. This makes it possible for...

4.3CVSS5.6AI score0.00207EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/05/03 2:15 a.m.4 views

CVE-2023-32177

VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the...

7.8CVSS6.2AI score0.0071EPSS
Exploits0References3
OSV
OSV
added 2024/02/21 7:15 a.m.8 views

CVE-2023-42951

The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user may be unable to delete browsing history items...

4.3CVSS5.7AI score0.00336EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.8 views

Apple iOS 和 iPadOS 安全漏洞

iPhone OS is the operating system developed by Apple for the iPhone and iPod touch. iPadOS is Apple's mobile operating system for iPad devices, which is based on iOS and optimized for iPad. A privacy disclosure vulnerability exists in Apple iPhone OS and iPadOS, which stems from the fact that use...

4.3CVSS6.1AI score0.00336EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.5 views

PT-2022-6848 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.7 XWiki Platform versions prior to 15.2RC1 XWiki Platform versions prior to 13.10.6 XWiki Platform versions prior to 14.4 Description: The XWiki Platform has a vulnerability that allows remote code...

9.9CVSS8.9AI score0.73608EPSS
Exploits2References16
Rows per page
Query Builder