13 matches found
CVE-2026-3473
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...
CVE-2026-3473
CVE-2026-3473 affects Mattermost prior to fixed versions: 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, and 10.11.x
PT-2026-41197
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description Multiple endpoints accept a user-supplied file id and attach the referenced file to a resource controlled by the caller, such as folder knowledge or knowledge-base contents, without verifying if t...
GHSA-JV4P-MHMP-69VW Langchain-Chatchat Uses Insufficiently Random Values
A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently rando...
pydicom 路径遍历漏洞
Pydicom is an open-source Python library for reading and writing DICOM medical image files. Versions of Pydicom from 2.0.0-rc.1 to 3.0.1 have a path traversal vulnerability. This vulnerability arises from maliciously crafted DICOMDIR ReferencedFileIDs, which may lead to path traversal, allowing...
PT-2026-8399
Name of the Vulnerable Software and Affected Versions Frontend File Manager plugin versions through 23.5 Description The Frontend File Manager plugin allows unauthenticated users to send emails through the WordPress site without security checks. This enables attackers to utilize the site as an op...
UBUNTU-CVE-2024-53178
In the Linux kernel, the following vulnerability has been resolved: smb: Don't leak cfid when reconnect races with opencacheddir opencacheddir may either race with the tcon reconnection even before compoundsendrecv or directly trigger a reconnection via SMB2openinit or SMBqueryinfoinit. The...
HackerOne: Attachment disclosure via summary report
A critical vulnerability was discovered in the HackerOne platform that allowed an attacker to gain unauthorized access to attachments belonging to other users through the report summary editing functionality. By manipulating attachment IDs in the request, an attacker could view sensitive files th...
Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs
Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate configuration file IDs. An enumeration of configuration file IDs in Jenkins Config File Provider Plugin 3.7.1 require...
jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints, as a consequence an attacker with Overall/Read permission is allowed to enumerate configuration file IDs...
Design/Logic Flaw
Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs...
PT-2021-14688 · Jenkins · Jenkins Config File Provider Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 3.7.0 and earlier Description: The issue concerns a lack of permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate configuration file IDs. This ca...
CVE-2019-19734
accountmovefileinfolder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection...