CVE-2026-48616

CVE-2026-48616 affects Rocket.Chat Livechat file downloads in multiple legacy branches (versions

SUSE CVE-2026-48102

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse CPP/7zip/Archive/Udf/UdfIn.cpp, after validating size 38 + idLen + impLen and...

PT-2026-47792

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the 9p filesystem implementation, the v9fs apply options function incorrectly applies parsed mount flags using a bitwise OR operation instead of replacing existing flags. For 9P2000.L...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the CFileId::Parse function of the UDF disc image handler's File Identifier Descriptor parser. An attacker can access sensitive information or cause a crash by crafting a malicious UDF image that triggers an...

CVE-2026-48102 GHSL-2026-118: 7-Zip UDF Field OOB Read

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse CPP/7zip/Archive/Udf/UdfIn.cpp, after validating size 38 + idLen + impLen and...

CVE-2026-48102 GHSL-2026-118: 7-Zip UDF Field OOB Read

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse CPP/7zip/Archive/Udf/UdfIn.cpp, after validating size 38 + idLen + impLen and...

Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing

Summary The fileID field from Manifest.db a SQLite database inside iOS backups, generated by the device is used directly in filesystem path construction without validation. This affects two commands through a shared code path: - mvt-ios decrypt-backup decrypt.py: fileid is used to construct both...

PT-2026-42598

Summary The fileID field from Manifest.db a SQLite database inside iOS backups, generated by the device is used directly in filesystem path construction without validation. This affects two commands through a shared code path: - mvt-ios decrypt-backup decrypt.py: file id is used to construct both...

CVE-2026-45402

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied fileid and attach the referenced file to a resource the caller controls folder knowledge, knowledge-base contents without verifying that the...

CVE-2026-41949

Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...

CVE-2026-41949 Dify < 1.14.2 Authorization Bypass via File Preview Endpoint

Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...

dify 安全漏洞

dify is an open-source LLM application development platform by LangGenius. Versions of dify prior to 1.14.1 have a security vulnerability. This vulnerability stems from an authorization bypass issue in the file preview endpoint, which allows any authenticated user to read the first 3,000 characte...

CVE-2026-45402 Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied fileid and attach the referenced file to a resource the caller controls folder knowledge, knowledge-base contents without verifying that the...

Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints

Cross-User File Access via Unchecked fileid in Folder Knowledge and Knowledge-Base Attach Endpoints Summary Multiple endpoints accept a user-supplied fileid and attach the referenced file to a resource the caller controls folder knowledge, knowledge-base contents without verifying that the caller...

CVE-2026-41950 Dify < 1.14.0 Authorization Bypass via File UUID

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

CVE-2026-41950

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

Insecure Randomness

Overview langchain-chatchat is a Langchain-Chatchat formerly langchain-ChatGLM, local knowledge based LLM like ChatGLM, Qwen and Llama RAG and Agent app with langchain Affected versions of this package are vulnerable to Insecure Randomness via the getfileid function in the Uploaded File Handler...

PT-2026-37091

Name of the Vulnerable Software and Affected Versions Langchain-Chatchat versions prior to 0.3.1.4 Description An issue exists in the Uploaded File Handler component within the get file id function of the file libs/chatchat-server/chatchat/server/api server/openai routes.py. Manipulation of this...

CVE-2026-33740 EspoCRM: Email importEml can import and delete another user's attachment by raw fileId

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference IDOR vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

eBrigade ERP SQL注入漏洞

eBrigade ERP is a comprehensive business system for enterprise resource planning management developed by the French company eBrigade. Version 4.5 of eBrigade ERP contains a SQL injection vulnerability, which stems from insufficient input validation for the id parameter in the pdf.php file. This...