16 matches found
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
Impact: POST /wikis/{wikiName} executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki. Patches: This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1 and...
XWiki Platform Security Vulnerability
The XWiki Platform is an open-source wiki platform used for creating web collaboration applications. Vulnerabilities exist in versions of the XWiki Platform prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17. These vulnerabilities stem from the POST /wikis/wikiName API not performing...
CVE-2026-44564
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room (line 678) but does not verify that the sender has write...
CVE-2026-44564 Open WebUI: Read-Only Users Can Modify Collaborative Documents via Socket.IO
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room (line 678) but does not verify that the sender has write...
EUVD-2026-30616
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room (line 678) but does not verify that the sender has write...
CVE-2026-44564
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room (line 678) but does not verify that the sender has write...
Open WebUI Security Vulnerability
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI based on the open-source Open WebUI framework. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the ydoc:document:update Socket.IO event handler, which checke...
Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO
Read-Only Users Can Modify Collaborative Documents via Socket.IO. Affected Component: Socket.IO collaborative document editing handler: backend/openwebui/socket/main.py lines 667-721, ydoc:document:update handler. Affected Versions: Current main branch and likely all versions with collaborative not...
GHSA-VRFH-RJ4Q-RMHR Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO
Read-Only Users Can Modify Collaborative Documents via Socket.IO. Affected Component: Socket.IO collaborative document editing handler: backend/openwebui/socket/main.py lines 667-721, ydoc:document:update handler. Affected Versions: Current main branch and likely all versions with collaborative not...
PT-2026-39281
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.0. Description: The ydoc:document:update Socket.IO event handler fails to verify if a sender has write permissions, checking only if the sender is a member of the document's Socket.IO room. Users with read-only...
CVE-2025-5526 BuddyPress Docs < 2.2.5 - Subscriber+ Arbitrary Document Read/Update
The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user...
CVE-2022-49442
In the Linux kernel, the following vulnerability has been resolved: drivers/base/node.c: fix compaction sysfs file leak. Compaction sysfs file is created via compaction_register_node in register_node. But we forgot to remove it in unregister_node. Thus compaction sysfs file is leaked. Using...
EazyDocs < 2.3.6 - Unauthenticated OnePage Document Update/Publish
Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the doconepage and editdoconepage functions, allowing unauthenticated attackers to publish and edit the plugin's OnePage document...
Update documentation regarding plan permissions to edit and delete plans
Summary: According to our documentation, "Disabling or deleting a plan" (https://confluence.atlassian.com/bamboo/disabling-or-deleting-a-plan-289276855.html/), it is only possible to delete a plan by having "Admin" Global permissions. This is not accurate. Test done: Create a group called...
SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2017:3086-1)
This update for samba fixes the following issues: Security issues fixed: - CVE-2017-14746: Fixed a use-after-free vulnerability that could be used to crash smbd or potentially execute code (bsc#1060427). - CVE-2017-15275: Fixed a server heap memory information leak (bsc#1063008). Non-security issues...
CentOS Update for python-docs CESA-2007:1076 centos3 x86_64
Check for the Version of python-docs. OpenVAS Vulnerability Test: CentOS Update for python-docs CESA-2007:1076 centos3 x86_64. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or...