3 matches found
CVE-2026-54015 Open WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletion
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-history endpoints authorize the promptid in the URL but then act on caller-supplied history IDs without verifying that the history row belongs to that...
PT-2026-42892
Name of the Vulnerable Software and Affected Versions SourceCodester Hospitals Patient Records Management System version 1.0 Description A security flaw allows for remote SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution. The issue...
PT-2026-27170
Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The restreamer endpoint constructs a log file path by embedding user-controlled users id and liveTransmitionHistory id values from the JSON request...