Lucene search
K

41 matches found

OSV
OSV
added 2026/07/07 4:3 p.m.9 views

PYSEC-2026-1803 pretix has Broken Access Control Allowing Cross-User File Access via UUID

Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

7CVSS5.9AI score0.00226EPSS
Exploits0References6
NVD
NVD
added 2026/06/23 6:18 p.m.18 views

CVE-2026-54010

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary fileid values to their own chat message without checking whether they own or can read those files. If the attacker then shares...

8.3CVSS0.00241EPSS
Exploits1References1
NVD
NVD
added 2026/06/17 1:20 p.m.13 views

CVE-2026-48929

Rocket.Chat in versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, and 7.10.13 is vulnerable to unauthenticated file deletion. The deleteFileMessage Meteor method permanently deletes any uploaded file by ID without requiring authentication. When called via an unauthenticated DDP WebSocket...

7.5CVSS0.00723EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50482

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An authenticated user can attach arbitrary file id values to their own chat messages because the system fails to verify if the user owns or has read access to those files. By sharing the chat and...

8.3CVSS6AI score0.00241EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.27 views

PT-2026-50128

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

9.3CVSS7.3AI score0.00304EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.25 views

PT-2026-50131

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

7.5CVSS7.2AI score0.00723EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.17 views

CVE-2026-46486

MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...

5.3CVSS5.3AI score0.00376EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 7:16 p.m.12 views

CVE-2026-46486

MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...

5.3CVSS0.00376EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 6:30 p.m.36 views

CVE-2026-46486 Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing

MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...

5.3CVSS0.00376EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:30 p.m.8 views

CVE-2026-46486

MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...

5.3CVSS5.3AI score0.00376EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/08 6:30 p.m.37 views

CVE-2026-46486

MVT (Mobile Verification Toolkit) has a path traversal vulnerability in iOS Backup processing due to unsanitized file identifiers. The fileID field from Manifest.db is used directly in path construction in two code paths: mvt-ios decrypt-backup (read/write paths) and mvt-ios check-backup (get bac...

5.3CVSS5.3AI score0.00376EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 6:30 p.m.6 views

CVE-2026-46486 Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing

MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...

5.3CVSS5.9AI score0.00376EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.8 views

CVE-2026-3473

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...

7.1CVSS5.5AI score0.00149EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 1:30 p.m.3 views

GHSA-7PF2-9C95-W332 Mattermost doesn't validate file ownership and access control

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...

7.1CVSS5.8AI score0.00149EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/19 7:57 a.m.12 views

CVE-2026-45671

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/id when the target file is referenced in any shared chat. The hasaccesstofile...

8CVSS5.7AI score0.0027EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:13 p.m.5 views

CVE-2026-45671

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/id when the target file is referenced in any shared chat. The hasaccesstofile...

8CVSS5.8AI score0.0027EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/15 7:13 p.m.18 views

EUVD-2026-30606

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/id when the target file is referenced in any shared chat. The hasaccesstofile...

8CVSS5.8AI score0.0027EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.5 views

CVE-2026-28788

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a...

7.1CVSS5.9AI score0.02858EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/27 3:34 p.m.7 views

Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

Summary Any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via GET /api/v1/knowledge/id/files a...

7.1CVSS5.9AI score0.02858EPSS
Exploits1References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.6 views

SUSE CVE-2026-28682

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting...

6.4CVSS5.8AI score0.00133EPSS
Exploits0References3
Rows per page
Query Builder