26 matches found

RedhatCVE
added 5 days ago, 8 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

6 CVSS, 5.4 AI score, 0.0005 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/05/15 9:3 p.m., 5 views

CVE-2026-44569 Open WebUI: Insecure Message Access Breaks Authorization

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability...

7.1 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits 1, References 1
NVD
added 2026/04/27 4:16 a.m., 1 view

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

6 CVSS, 0.0005 EPSS
Exploits 0, References 1
CVE
added 2026/04/27 2:54 a.m., 8 views

CVE-2026-3867

CVE-2026-3867 and CVE-2026-3868 affect Moxa’s Secure Router. CVE-2026-3867: improper ownership management may allow a low-privileged authenticated user to access a configuration file containing the hashed admin password when the config is exported, exposing sensitive information (confidentiality ...

6 CVSS, 5.4 AI score, 0.0005 EPSS
Exploits 0, References 1
EUVD
added 2026/04/27 2:54 a.m., 2 views

EUVD-2026-25756

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

8.7 CVSS, 5.4 AI score, 0.00125 EPSS
Exploits 0, References 1
Cvelist
added 2026/04/27 2:54 a.m., 27 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

6 CVSS, 0.0005 EPSS
Exploits 0, References 1
CVE
added 2026/03/25 2:19 p.m., 6 views

CVE-2026-23514

Kiteworks Core vulnerability CVE-2026-23514 affects versions 9.2.0 and 9.2.1, where an access control flaw lets authenticated users access content they should not. This results in high impact on confidentiality, integrity, and availability (CVSS v3.1: 8.8; NETWORK, LOW exploitability, no user int...

8.8 CVSS, 5.8 AI score, 0.00046 EPSS
Exploits 0, References 1, Affected Software 1
Snyk
added 2026/02/02 11:50 p.m., 3 views

Improper Ownership Management

Overview: Affected versions of this package are vulnerable to Improper Ownership Management in the AuthManager process. An attacker can cause the association of a temporary account's username and IP address with a real username in AbuseLog by creating a permanent account from a temporary account...

3 CVSS, 5.4 AI score, 0.0002 EPSS
Exploits 0, References 2
Snyk
added 2025/12/10 6:30 p.m., 2 views

Improper Ownership Management

Overview: Affected versions of this package are vulnerable to Improper Ownership Management due to improper context setting during Vault credentials lookup. An attacker can access and potentially capture sensitive Vault credentials by leveraging Item/Configure permissions. Remediation: There is no...

5.3 CVSS, 6.8 AI score, 0.00126 EPSS
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-51460

Malicious code in bioql PyPI...

5.3 CVSS, 6.6 AI score, 0.00304 EPSS
Exploits 0, References 1
NVD
added 2025/06/21 1:15 p.m., 4 views

CVE-2025-3629

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management...

4.3 CVSS, 0.00139 EPSS
Exploits 0, References 1
The Hacker News
added 2025/06/18 6:43 a.m., 16 views

CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting the Linux kernel in its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2023-0386 (CVSS score: 7.8), is an improper...

7.8 CVSS, 8 AI score, 0.92467 EPSS
Exploits 26
CISA
added 2025/06/17 12:0 p.m., 8 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2023-0386 Linux Kernel Improper Ownership Management Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber...

7.8 CVSS, 7.2 AI score, 0.48523 EPSS
In wild, Exploits 13, References 6
RedhatCVE
added 2025/05/23 10:34 a.m., 9 views

CVE-2024-8949

A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. The manipulation of the argument cartid/id leads to improper ownership management. It is possible to...

8.8 CVSS, 7 AI score, 0.01173 EPSS
Exploits 0, References 1
Snyk
added 2025/04/25 3:9 p.m., 1 view

Improper Ownership Management

Overview: Affected versions of this package are vulnerable to Improper Ownership Management for projects, whose namespace defaults to being the project name, regardless of cluster. A user with permission to create a project can escalate privileges to those of a user who owns a project by the same...

9 CVSS, 7 AI score
Exploits 0, References 2
Snyk
added 2025/04/25 3:9 p.m., 2 views

Improper Ownership Management

Overview: Affected versions of this package are vulnerable to Improper Ownership Management for projects, whose namespace defaults to being the project name, regardless of cluster. A user with permission to create a project can escalate privileges to those of a user who owns a project by the same...

9 CVSS, 7 AI score
Exploits 0, References 2
Snyk
added 2025/04/25 3:9 p.m., 2 views

Improper Ownership Management

Overview: github.com/rancher/rancher/pkg/apis/management.cattle.io/v3 is a complete container management platform. Affected versions of this package are vulnerable to Improper Ownership Management for projects, whose namespace defaults to being the project name, regardless of cluster. A user with...

9 CVSS, 7 AI score
Exploits 0, References 2
Vulnrichment
added 2025/01/09 6:55 p.m., 10 views

CVE-2024-13249 Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-013

Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2...

7 AI score, 0.0033 EPSS
Exploits 0, References 1
CVE
added 2025/01/09 6:52 p.m., 48 views

CVE-2024-13246

CVE-2024-13246 concerns Drupal’s Node Access Rebuild Progressive module. The vulnerability stems from improper ownership management in the module, which can allow a remote attacker to bypass access controls and influence the target via framing. Affected versions are 0.0.0 through 2.0.1 (up to but...

5.3 CVSS, 6.7 AI score, 0.00304 EPSS
Exploits 0, References 1, Affected Software 1
Talos
added 2024/10/03 12:0 a.m., 22 views

Veertu Anka Build node agent update privilege escalation vulnerability

Talos Vulnerability Report TALOS-2024-2060 Veertu Anka Build node agent update privilege escalation vulnerability October 3, 2024 CVE Number CVE-2024-39755 SUMMARY A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG fil...

7.8 CVSS, 8.1 AI score, 0.00086 EPSS
Exploits 1