Open WebUI has inconsistent authorization controls within memories API
Summary: Authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories. Details: Using a newly created non-admin user with no existing memories, it is possible to view existing...
StudioCMS Information Disclosure Vulnerability
StudioCMS is an open source content management system. StudioCMS suffers from an information disclosure vulnerability that stems from the use of an attacker-controlled rank query parameter in the REST API getUsers endpoint, which can be exploited by an attacker to cause an administrator...
CVE-2025-64487 Outline is vulnerable to privilege escalation vulnerability in document sharing
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in...
CVE-2024-52312
Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...
CVE-2024-52312 data.all authenticated users can perform restricted operations against DataSets and Environments
Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...
CVE-2024-52312
CVE-2024-52312 affects data.all (open source framework). The issue stems from inconsistent authorization permissions that may allow an authenticated external actor to perform restricted operations on DataSets and Environments. Documents provide MEDIUM severity (CVSS 3.1/4.0) and describe the root...
PT-2024-35172 · Alldata · Alldata
Name of the Vulnerable Software and Affected Versions: data.all (affected versions not specified). Description: The issue is related to inconsistent authorization permissions in data.all, which may allow an external actor with an authenticated account to perform restricted operations against DataSet...
Nagios Log Server 1.4.1 - Multiple Vulnerabilities
Nagios Log Server Multiple Vulnerabilities. Affected versions: Nagios Log Server = 1.4.1 PDF:...