Lucene search
K

2002 matches found

CVE
CVE
added 2 days ago11 views

CVE-2026-12426

The CVE-2026-12426 affects the WordPress plugin Members – Membership & User Role Editor, up to version 3.2.22. The vulnerability enables unauthenticated attackers to perform sensitive information exposure via the REST API pagination side channel, using the members_filter_protected_posts_for_rest ...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43125

The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.22 via the membersfilterprotectedpostsforrest. This makes it possible for unauthenticated attackers to extract determine the existence...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References6
NVD
NVD
added 4 days ago6 views

CVE-2026-59222

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...

6.5CVSS0.00265EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-59222

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...

6CVSS5.9AI score0.00265EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42631

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...

6CVSS5.9AI score0.00265EPSS
Exploits1References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-59222 Open WebUI: /api/v1/channels/{id}/members exposes full user model including sensitive credentials

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...

6CVSS0.00265EPSS
Exploits1References3
CVE
CVE
added 4 days ago10 views

CVE-2026-59222

Open WebUI is a self-hosted AI platform. CVE-2026-59222 affects versions from 0.7.0 up to, but not including, 0.10.0. The vulnerability arises when GET /api/v1/channels/{id}/members returns full UserModelResponse objects for channel members, including settings.ui.toolServers[].key and webhook con...

6.5CVSS5.9AI score0.00265EPSS
Exploits1References3Affected Software1
CVE
CVE
added 5 days ago6 views

CVE-2026-59262

AFFiNE CVE-2026-59262 involves the histories GraphQL field failing to validate Doc.Read permissions before exposing edit histories. The vulnerability allows authenticated workspace members to supply arbitrary document GUIDs and access full edit histories, including user names, emails, and timesta...

7.1CVSS6AI score0.00238EPSS
Exploits0References4
NVD
NVD
added 5 days ago6 views

CVE-2026-56220

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest INSERT policy that allows read-only org members to insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3path values that are served to device...

7.1CVSS0.00203EPSS
Exploits0References2
CVE
CVE
added 5 days ago7 views

CVE-2026-56220

Capgo before version 12.128.2 contains an authorization bypass in the public.manifest INSERT policy that lets read-only org members insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3_path values, which are served to devices via th...

7.1CVSS6AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the organization permission APIs due to insufficient visibility checks for hidden members and private organizations. An attacker can access private visibility information by querying these APIs. Remediation...

7.5CVSS6AI score0.00353EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.10 views

CVE-2026-25712

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

7.5CVSS0.00353EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.12 views

CVE-2026-25712

Gitea CVE-2026-25712 affects versions before 1.25.5. The issue is in the organization permission APIs (routers/api/v1/org) where visibility checks are insufficient, allowing an attacker to access private visibility information about hidden members and private organizations. The root cause is inad...

7.5CVSS6AI score0.00353EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 8:19 p.m.7 views

EUVD-2026-41622

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

6AI score0.00353EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.36 views

CVE-2026-25712 Gitea organization permission APIs expose private visibility information

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

0.00353EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.4 views

CVE-2026-25712

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

6AI score0.00353EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55593

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Insufficient visibility checks exist within organization permission APIs, which may affect hidden members and private organizations. Recommendations Update to version 1.25.5 or later...

7.5CVSS6.1AI score0.00353EPSS
Exploits0References7
NVD
NVD
added 2026/06/30 3:17 a.m.11 views

CVE-2026-12114

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS0.00212EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/30 2:30 a.m.35 views

CVE-2026-12114 Team Members <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'custom_css' Parameter

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS0.00212EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/30 2:30 a.m.13 views

CVE-2026-12114

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS5.9AI score0.00212EPSS
Exploits0References9
Rows per page
Query Builder