Lucene search
K

22 matches found

NVD
NVD
added 2026/06/26 8:17 p.m.5 views

CVE-2026-44732

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenProject exposes a document update endpoint used to modify existing documents. The target document is loaded with visibility checks and then updated. During update, attacker-controlled attributes are...

4.3CVSS0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:39 p.m.7 views

CVE-2026-44732

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenProject exposes a document update endpoint used to modify existing documents. The target document is loaded with visibility checks and then updated. During update, attacker-controlled attributes are...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52901

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.2 OpenProject versions prior to 17.4.0 Description OpenProject exposes a document update endpoint used to modify existing documents. The system loads the target document with visibility checks, but...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.9 views

CVE-2026-44564

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room line 678 but does not verify that the sender has write...

5.4CVSS5.5AI score0.0022EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/26 6:58 p.m.22 views

XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

Impact POST /wikis/wikiName executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki Patches This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1 and...

9.3CVSS5.8AI score0.00594EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

XWiki Platform 安全漏洞

The XWiki Platform is an open-source wiki platform used for creating web collaboration applications. Vulnerabilities exist in versions of the XWiki Platform prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17. These vulnerabilities stem from the POST /wikis/wikiName API not performing...

9.3CVSS5.8AI score0.00594EPSS
Exploits1References5
NVD
NVD
added 2026/05/15 8:16 p.m.16 views

CVE-2026-44564

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room line 678 but does not verify that the sender has write...

5.4CVSS0.0022EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:26 p.m.13 views

CVE-2026-44564

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room line 678 but does not verify that the sender has write...

5.4CVSS5.8AI score0.0022EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/15 7:26 p.m.3 views

CVE-2026-44564 Open WebUI: Read-Only Users Can Modify Collaborative Documents via Socket.IO

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room line 678 but does not verify that the sender has write...

5.4CVSS6AI score0.0022EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/15 7:26 p.m.41 views

CVE-2026-44564 Open WebUI: Read-Only Users Can Modify Collaborative Documents via Socket.IO

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room line 678 but does not verify that the sender has write...

5.4CVSS0.0022EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 7:26 p.m.14 views

EUVD-2026-30616

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room line 678 but does not verify that the sender has write...

5.4CVSS5.8AI score0.0022EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI based on the open-source Open WebUI framework. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the ydoc:document:update Socket.IO event handler, which checke...

5.4CVSS5.8AI score0.0022EPSS
Exploits1References1
OSV
OSV
added 2026/05/08 8:0 p.m.13 views

GHSA-VRFH-RJ4Q-RMHR Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO

Read-Only Users Can Modify Collaborative Documents via Socket.IO Affected Component Socket.IO collaborative document editing handler: - backend/openwebui/socket/main.py lines 667-721, ydoc:document:update handler Affected Versions Current main branch and likely all versions with collaborative not...

5.4CVSS5.5AI score0.0022EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/08 8:0 p.m.14 views

Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO

Read-Only Users Can Modify Collaborative Documents via Socket.IO Affected Component Socket.IO collaborative document editing handler: - backend/openwebui/socket/main.py lines 667-721, ydoc:document:update handler Affected Versions Current main branch and likely all versions with collaborative not...

5.4CVSS5.5AI score0.0022EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-39281

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The ydoc:document:update Socket.IO event handler fails to verify if a sender has write permissions, checking only if the sender is a member of the document's Socket.IO room. Users with read-only...

5.4CVSS5.8AI score0.0022EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/06/27 6:0 a.m.14 views

CVE-2025-5526 BuddyPress Docs < 2.2.5 - Subscriber+ Arbitrary Document Read/Update

The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user...

0.00219EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2025/02/26 7:1 a.m.8 views

CVE-2022-49442

In the Linux kernel, the following vulnerability has been resolved: drivers/base/node.c: fix compaction sysfs file leak Compaction sysfs file is created via compactionregisternode in registernode. But we forgot to remove it in unregisternode. Thus compaction sysfs file is leaked. Using...

5.5CVSS6.3AI score0.00283EPSS
Exploits0References11
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.25 views

EazyDocs < 2.3.6 - Unauthenticated OnePage Document Update/Publish

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the doconepage and editdoconepage functions, allowing unauthenticated attackers to publish and edit the plugin's OnePage document...

8.6AI score0.00497EPSS
Exploits0References1Affected Software1
Atlassian
Atlassian
added 2018/04/24 8:3 a.m.529 views

Update documentation regarding plan permissions to edit and delete plans

h3. Summary According to our documentation Disabling or deleting a plan|https://confluence.atlassian.com/bamboo/disabling-or-deleting-a-plan-289276855.html/, it is only possible to delete a plan by having "Admin" Global permissions. This is not accurate. Test done: Create a group called...

1.1AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/02/07 12:0 a.m.4 views

The vulnerability in the `mozilla::dom::ImageDocument::UpdateSizeFromLayout` function allows a hacker to trigger a service failure in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird.

The vulnerability of the mozilla::dom::ImageDocument::UpdateSizeFromLayout function in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to the use of memory after object release, resulting from manipulations of DOM objects when the “resize” event is called for the “image”...

9.3CVSS7.8AI score0.02711EPSS
Exploits1References15Affected Software10
Rows per page
Query Builder