Lucene search
K

18 matches found

CVE
CVE
added 2 days ago10 views

CVE-2026-54601

CVE-2026-54601 affects FastGPT up to 4.15.0-beta4, where an authenticated tenant user can abuse POST /api/core/dataset/collection/create/reTrainingCollection to persist a server-owned datasetId from another tenant. This yields mixed dataset objects and downstream endpoints (dataset, collection, a...

6.3CVSS6AI score0.00246EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 6:47 p.m.10 views

Security Bulletin: Unauthenticated Session History Access via Public Flow Execution

Summary A session ID namespace bypass vulnerability existed in Langflow OSS' POST /api/v1/buildpublictmp/flowid/flow endpoint that allowed unauthenticated attackers to access chat history from other users' sessions. The endpoint accepted an inputs.session parameter that could override the session...

8.1CVSS5.5AI score0.00248EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/05/15 8:33 p.m.16 views

EUVD-2026-30630

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS5.9AI score0.00307EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.15 views

FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Evaluator entity - cross-workspace data takeover and IDOR. File: packages/server/src/Interface.Evaluation.ts Root cause: The Evaluator controller/service constructs a n...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/14 4:19 p.m.11 views

GHSA-MQ53-PC65-WJC4 FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Evaluation entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/evaluations/index.ts Root cause: The Evaluation controller/service...

8.8CVSS6AI score0.00335EPSS
Exploits0References6
OSV
OSV
added 2026/05/14 4:19 p.m.15 views

GHSA-5H9V-837X-M97R FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Dataset entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/dataset/index.ts Root cause: The Dataset controller/service constructs a new...

8.8CVSS6AI score0.00335EPSS
Exploits0References6
OSV
OSV
added 2026/05/14 4:19 p.m.9 views

GHSA-78PR-C5X5-JGGC FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Assistant entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/assistants/index.ts Root cause: The Assistant controller/service construct...

8.8CVSS6AI score0.00335EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-41215

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the evaluator create and update processes. The server uses Object.assign to copy the request body into the Evaluator entity without an explicit field allowlist,...

7.7CVSS5.5AI score0.00335EPSS
Exploits0References7
NVD
NVD
added 2026/02/27 5:16 p.m.17 views

CVE-2026-25147

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

7.1CVSS0.0022EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/27 4:44 p.m.4 views

CVE-2026-25147

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

7.1CVSS5.9AI score0.0022EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-5169

Malware in sbrugna...

5.3CVSS5.3AI score0.01505EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/08/16 11:22 p.m.3 views

SUSE CVE-2025-38535

In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode When transitioning from USBROLEDEVICE to USBROLENONE, the code assumed that the regulator should be disabled. However, if the regulator is marked as always-on,...

5.5CVSS6.4AI score0.00153EPSS
Exploits0References20
OSV
OSV
added 2025/08/16 12:15 p.m.4 views

DEBIAN-CVE-2025-38535

In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode When transitioning from USBROLEDEVICE to USBROLENONE, the code assumed that the regulator should be disabled. However, if the regulator is marked as always-on,...

7.8CVSS6.2AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/16 11:12 a.m.9 views

CVE-2025-38535 phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode

In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode When transitioning from USBROLEDEVICE to USBROLENONE, the code assumed that the regulator should be disabled. However, if the regulator is marked as always-on,...

0.00153EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2025/08/16 11:12 a.m.9 views

CVE-2025-38535

In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode When transitioning from USBROLEDEVICE to USBROLENONE, the code assumed that the regulator should be disabled. However, if the regulator is marked as always-on,...

7.8CVSS6.2AI score0.00153EPSS
Exploits0
OSV
OSV
added 2025/08/16 11:12 a.m.5 views

CVE-2025-38535 phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode

In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode When transitioning from USBROLEDEVICE to USBROLENONE, the code assumed that the regulator should be disabled. However, if the regulator is marked as always-on,...

7.8CVSS5.9AI score0.00153EPSS
Exploits0References12
OSV
OSV
added 2020/12/31 10:15 a.m.7 views

DEBIAN-CVE-2019-25010

An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when privategettypeid is overridden...

9.8CVSS8.5AI score0.01487EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2015/03/11 12:0 a.m.64 views

ipa security, bug fix, and enhancement update

4.1.0-18.0.1 - Replace login-screen-logo.png 20362818 - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png 4.1.0-18 - Fix ipa-pwd-extop global configuration caching 1187342 - group-detach does not add correct...

4.3CVSS0.1AI score0.18351EPSS
Exploits1
Rows per page
Query Builder