114 matches found

OSV
added 3 days ago, 3 views

PYSEC-2026-482 PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation

Summary: The Platform server exposes resources under /api/v1/workspaces/workspaceid/... and protects them with a requireworkspacememberworkspaceid FastAPI dependency. The dependency only checks that the caller is a member of the workspaceid in the URL prefix. The route handlers then look up the...

CVSS 9.4, AI score 5.8, EPSS 0.00043
Exploits: 0, References: 5
EUVD
added 6 days ago, 7 views

EUVD-2026-39597

The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...

CVSS 8.7, AI score 5.9, EPSS 0.00161
Exploits: 0, References: 2
Cvelist
added last week, 18 views

CVE-2026-56772 NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

CVSS 5.3, EPSS 0.00204
Exploits: 0, References: 3
Github Security Blog
added 2026/06/22 11:19 p.m., 9 views

Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials

Summary: The Budibase server route POST /api/attachments/:datasourceId/url (packages/server/src/api/routes/static.ts) is registered with only the recaptcha middleware. There is no authorized... middleware in the chain. The controller...

CVSS 9.4, AI score 6, EPSS 0.00415
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2026/06/16 11:08 p.m., 21 views

CVE-2026-48929

Rocket.Chat versions older than 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, and 7.10.13 are vulnerable to unauthenticated file deletion through the deleteFileMessage Meteor method. When called over an unauthenticated DDP WebSocket connection, Meteor.userId() returns null, bypassing the auth...

CVSS 7.5, AI score 7.3, EPSS 0.00723
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2026/06/11 10:16 a.m., 11 views

CVE-2026-53911

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

CVSS 6.3, EPSS 0.00207
Exploits: 0, References: 1
CNNVD
added 2026/05/29 12:00 a.m., 7 views

shopper security vulnerability

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the Livewire component in the product editor, which lacked authorization for the store method. Any...

CVSS 6.5, AI score 5.8, EPSS 0.00221
Exploits: 0, References: 3
Tenable Nessus
added 2026/05/28 12:00 a.m., 13 views

Debian dla-4602 : lemonldap-ng - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4602 advisory. Debian LTS Advisory DLA-4602-1 [email protected]...

CVSS 8, AI score 6, EPSS 0.01175
Exploits: 0, References: 6
NVD
added 2026/05/26 4:16 p.m., 16 views

CVE-2026-38587

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information, such as the Owner's unique...

CVSS 4.3, EPSS 0.00221
Exploits: 0, References: 1
EUVD
added 2026/05/15 8:00 p.m., 15 views

EUVD-2026-30603

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses model_config = ConfigDict(extra='allow'), which permits arbitrary fields to pass through Pydantic validation and be included in model_dump(exclude_unset=True). In...

CVSS 5, AI score 6, EPSS 0.00287
Exploits: 1, References: 1
Github Security Blog
added 2026/05/14 4:19 p.m., 11 views

FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Summary: Type: Mass assignment via Object.assign(entity, body) - client-controlled workspaceId and, on create, id overwritten on the Dataset entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/dataset/index.ts. Root cause: The Dataset controller/service constructs a new...

CVSS 8.8, AI score 6, EPSS 0.00335
Exploits: 0, References: 6, Affected Software: 1
CVE
added 2026/05/14 3:52 p.m., 33 views

CVE-2026-44504

CVE-2026-44504 (Aegra) describes a cross-tenant IDOR in Aegra deployments prior to 0.9.7 where an authenticated user with access to another user's thread_id can: (1) execute runs against that user's thread via /threads/{thread_id}/runs (and related endpoints), (2) read the other user's full check...

CVSS 8.6, AI score 6, EPSS 0.00285
Exploits: 0, References: 1
Positive Technologies
added 2026/05/11 12:00 a.m., 9 views

PT-2026-39879

Name of the Vulnerable Software and Affected Versions: Mantis Bug Tracker (MantisBT) versions prior to 2.28.2. Description: A bugnote author can access the Revisions page of a note even after losing access to the parent private issue. This leads to the disclosure of the private issue's ID and summary,...

CVSS 5.3, AI score 5.8, EPSS 0.00372
Exploits: 0, References: 6
Cvelist
added 2026/05/08 11:01 p.m., 48 views

CVE-2026-42456 AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR)

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...

CVSS 4.3, EPSS 0.00301
Exploits: 1, References: 3
EUVD
added 2026/05/06 3:32 p.m., 11 views

EUVD-2026-27823

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId, added in version 1.54, uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the Apache mod_unique_id...

CVSS 9.1, AI score 5.8, EPSS 0.00302
Exploits: 0, References: 3
NVD
added 2026/05/06 1:16 p.m., 16 views

CVE-2026-5081

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId, added in version 1.54, uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the Apache mod_unique_id...

CVSS 9.1, EPSS 0.00302
Exploits: 0, References: 6
Debian CVE
added 2026/05/06 12:16 p.m., 6 views

CVE-2026-5081

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId, added in version 1.54, uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the Apache mod_unique_id...

CVSS 9.1, AI score 5.8, EPSS 0.00302
Exploits: 0
Snyk
added 2026/04/29 9:57 p.m., 6 views

Open Redirect

Overview: admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Open Redirect in the handleSSORequest process. An attacker can obtain sensitive user identity attributes and impersonate users by...

CVSS 8.2, AI score 5.8, EPSS 0.0028
Exploits: 0, References: 3
Cvelist
added 2026/04/17 3:36 a.m., 39 views

CVE-2026-5234 LatePoint <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID

The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::createpaymentintentfortransaction action is registered as a public action (no authentication required) an...

CVSS 5.3, EPSS 0.00689
Exploits: 0, References: 10
Patchstack
added 2026/04/17 2:07 a.m., 8 views

WordPress LatePoint plugin <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability discovered by darkmode in WordPress Plugin LatePoint versions <= 5.3.2...

CVSS 5.3, AI score 5.8, EPSS 0.00689
Exploits: 0, References: 1, Affected Software: 1