18 matches found

AlpineLinux (added 2026/06/09 4:03 p.m., 6 views)

CVE-2026-42770

Issue summary: When EVP_PKEY_derive_set_peer is called with a DHX (X9.42) peer key, the peer key is not properly checked for subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r, a small prime factor of the cofacto...

CVSS 3.7 | AI score 5.4 | EPSS 0.00259
Exploits 0
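The check that the entry above describes as missing is the standard public-key validation for a prime-order subgroup: reject a peer value y unless 1 < y < p-1 and y^q = 1 (mod p), with q taken from the local trusted parameters and never from the peer's key. The following is an added illustration, not OpenSSL code and not derived from the advisory's proof of concept; it uses a constructed toy group p = 131 = 2*13*5 + 1 (q = 13, cofactor 10) and shows how a peer value of order r = 5 leaks the victim's private key modulo r when the check is skipped or run against the attacker-supplied q, and is rejected when the check uses the local q.

```python
# Constructed toy X9.42-style group: p = 2*q*r + 1 with q = 13 (intended
# subgroup order) and r = 5 (a small prime factor of the cofactor (p-1)/q).
# Real parameters are 2048-bit and larger; the logic is identical.
P, Q, R = 131, 13, 5
assert (P - 1) % Q == 0 and ((P - 1) // Q) % R == 0


def subgroup_element(order: int, h: int = 2) -> int:
    """Return an element of multiplicative order `order` mod P.

    h = 2 generates all of Z_131^*, so h^((p-1)/order) has exactly that order.
    """
    y = pow(h, (P - 1) // order, P)
    assert y != 1
    return y


G = subgroup_element(Q)  # honest generator of the order-q subgroup


def peer_key_ok(y: int, q: int, p: int = P) -> bool:
    """SP 800-56A style full public-key validation: 1 < y < p-1 and y^q == 1 (mod p).

    `q` MUST be the local, trusted subgroup order. Validating against a q carried
    in the peer's own key lets the peer choose q to match a small subgroup.
    """
    return 1 < y < p - 1 and pow(y, q, p) == 1


def derive(x_priv: int, y_peer: int, p: int = P) -> int:
    """Victim side of DH: shared = y_peer^x mod p."""
    return pow(y_peer, x_priv, p)


def recover_x_mod_r(shared: int, y_small: int, r: int, p: int = P) -> int:
    """Attacker side: if y_small has order r, shared depends only on x mod r,
    so r trial exponentiations recover it (repeat with other r to CRT-combine)."""
    for k in range(r):
        if pow(y_small, k, p) == shared:
            return k
    raise ValueError("shared value not in the expected small subgroup")


def demo() -> tuple:
    x = 9                          # victim's private key (constructed)
    y_small = subgroup_element(R)  # attacker's order-r "public key"
    # Checked against the attacker-chosen q = r, the bogus key passes...
    accepted_with_forged_q = peer_key_ok(y_small, q=R)
    # ...and the derived secret leaks x mod r.
    leaked_ok = recover_x_mod_r(derive(x, y_small), y_small, R) == x % R
    # Checked against the local q, the same key is rejected.
    accepted_with_local_q = peer_key_ok(y_small, q=Q)
    # An honest key (a power of G) still validates.
    honest_ok = peer_key_ok(pow(G, 4, P), q=Q)
    return accepted_with_forged_q, leaked_ok, accepted_with_local_q, honest_ok


if __name__ == "__main__":
    print(demo())
```

Run it and the tuple reads (True, True, False, True): forged-q validation accepts the small-subgroup key and the secret leaks, local-q validation rejects it, and honest keys are unaffected.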
OSV (added 2026/06/05 4:28 p.m., 5 views)

GHSA-7P8G-6C6G-H9W7 praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary: Type: Insecure Direct Object Reference. The agent CRUD endpoints GET/PATCH/DELETE /workspaces/{workspace_id}/agents/{agent_id} gate access on require_workspace_member(workspace_id) only, then resolve agent_id through AgentService.get(agent_id), which is a primary-key lookup with no workspace...

CVSS 8.3 | AI score 5.5 | EPSS 0.00043
Exploits 0 | References 2
NVD (added 2026/05/29 8:16 p.m., 12 views)

CVE-2026-48810

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

CVSS 4.3 | EPSS 0.00155
Exploits 0 | References 1
NVD (added 2026/05/15 8:16 p.m., 14 views)

CVE-2026-44561

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_user_channel_member function checks whether a ChannelMember row exists but does not check the is_active field. When a user is deactivated from a group or DM channel removed by the...

CVSS 5.4 | EPSS 0.00178
Exploits 1 | References 1
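The praisonai-platform entry (membership gate on the URL's workspace, then an unscoped primary-key lookup of the object) and the Open WebUI entry (membership row exists but is_active never consulted) are two faces of the same bug: the authorization decision and the object fetch are not bound to each other. The following is an added illustration in plain Python, not code from either project; the tables, handler names and data are constructed for the example. It places the vulnerable shape beside the hardened one so the difference can be tested.

```python
from dataclasses import dataclass


@dataclass
class Member:
    user_id: str
    workspace_id: str
    is_active: bool = True


@dataclass
class Agent:
    agent_id: int
    workspace_id: str
    name: str


# Constructed sample data: two tenants, one deactivated member in ws-A.
MEMBERS = [
    Member("alice", "ws-A"),
    Member("bob", "ws-A", is_active=False),
    Member("mallory", "ws-B"),
]
AGENTS = {
    1: Agent(1, "ws-A", "billing-bot"),
    2: Agent(2, "ws-B", "support-bot"),
}


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


def is_member_naive(user_id: str, workspace_id: str) -> bool:
    """Shape described for Open WebUI: a membership row exists, is_active ignored."""
    return any(m.user_id == user_id and m.workspace_id == workspace_id for m in MEMBERS)


def is_member(user_id: str, workspace_id: str) -> bool:
    """Hardened: a membership only counts while it is active."""
    return any(
        m.user_id == user_id and m.workspace_id == workspace_id and m.is_active
        for m in MEMBERS
    )


def get_agent_vulnerable(user_id: str, workspace_id: str, agent_id: int) -> Agent:
    """Shape described for praisonai: gate on the URL's workspace_id, then a bare
    primary-key lookup that never compares agent.workspace_id with it."""
    if not is_member_naive(user_id, workspace_id):
        raise Forbidden
    agent = AGENTS.get(agent_id)
    if agent is None:
        raise NotFound
    return agent


def get_agent_hardened(user_id: str, workspace_id: str, agent_id: int) -> Agent:
    """Hardened: active membership, and the object lookup is scoped to that tenant.
    Answer 404 rather than 403 for a foreign object so an attacker cannot tell
    'exists in another workspace' from 'does not exist'."""
    if not is_member(user_id, workspace_id):
        raise Forbidden
    agent = AGENTS.get(agent_id)
    if agent is None or agent.workspace_id != workspace_id:
        raise NotFound
    return agent


def attempt(handler, user_id: str, workspace_id: str, agent_id: int) -> str:
    """Run a handler and summarise the HTTP-style outcome as a string."""
    try:
        return "200:" + handler(user_id, workspace_id, agent_id).name
    except Forbidden:
        return "403"
    except NotFound:
        return "404"


if __name__ == "__main__":
    # mallory is a member of ws-B only, yet reads ws-A's agent through the bug.
    print(attempt(get_agent_vulnerable, "mallory", "ws-B", 1))  # 200:billing-bot
    print(attempt(get_agent_hardened, "mallory", "ws-B", 1))    # 404
    # bob was deactivated but still passes the row-exists check.
    print(attempt(get_agent_vulnerable, "bob", "ws-A", 1))      # 200:billing-bot
    print(attempt(get_agent_hardened, "bob", "ws-A", 1))        # 403
```

In a real ORM the scoped lookup is the query filter itself (select by primary key AND workspace_id), so there is no window in which an unscoped object is in hand; the explicit comparison above is written out only to make the missing check visible.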
Github Security Blog (added 2026/05/14 8:25 p.m., 62 views)

Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint

Summary: An IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members, including administrators, within the same channel. This vulnerability affects the latest version v0.8.12 of Open WebUI. Details: In the update_message_by_id...

CVSS 4.3 | AI score 5.6 | EPSS 0.00204
Exploits 1 | References 4 | Affected Software 1
Vulnrichment (added 2026/05/13 9:06 p.m., 7 views)

CVE-2026-44426 ShellHub: Cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list (user IDs, e-mails, roles), settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own...

CVSS 6.5 | AI score 5.8 | EPSS 0.00308
Exploits 1 | References 1
Github Security Blog (added 2026/05/07 3:02 a.m., 18 views)

ShellHub has cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check

Summary: GET /api/namespaces/:tenant returns the full namespace object — including the members list (user IDs, e-mails, roles), settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own tenant scope. The handler conditionally skips the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00308
Exploits 1 | References 3 | Affected Software 1
ATTACKERKB (added 2026/05/07 2:59 a.m., 6 views)

CVE-2026-41662

Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...

CVSS 5.2 | AI score 5.8 | EPSS 0.00285
Exploits 0 | References 3 | Affected Software 1
RedHat Linux (added 2026/05/05 10:35 a.m., 5 views)

corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet

A flaw was found in Corosync. A remote, unauthenticated attacker can exploit a wrong-return-value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service...

CVSS 8.2 | AI score 5.8 | EPSS 0.00867
Exploits 1 | References 5
Positive Technologies (added 2026/04/01 12:00 a.m., 18 views)

PT-2026-29516

Name of the Vulnerable Software and Affected Versions: Corosync (affected versions not specified). Description: A flaw exists in Corosync where a remote, unauthenticated attacker can exploit a wrong-return-value vulnerability in the membership commit token sanity check. This is achieved by sending a...

CVSS 8.2 | AI score 5.9 | EPSS 0.00994
Exploits 2 | References 69
NVD (added 2026/03/11 5:16 p.m., 5 views)

CVE-2026-30236

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...

CVSS 4.3 | EPSS 0.00176
Exploits 0 | References 1
Vulnrichment (added 2026/03/11 4:25 p.m., 2 views)

CVE-2026-30236 OpenProject users that are not project members can be used to calculate Labor Budget, leaking their global hourly rate

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...

CVSS 4.3 | AI score 5.8 | EPSS 0.00176
Exploits 0 | References 1
CVE (added 2026/03/11 4:25 p.m., 16 views)

CVE-2026-30236

CVE-2026-30236 affects OpenProject before 17.2.0. When editing a project budget and planning labor costs, the system did not verify that the budget-assigned user is a project member, exposing that user’s default rate to non-members. The pre-calculation endpoint used to render cost previews simila...

CVSS 4.3 | AI score 5.8 | EPSS 0.00176
Exploits 0 | References 1 | Affected Software 1
Cvelist (added 2025/12/24 8:01 a.m., 32 views)

CVE-2025-13767 Unauthorized Read Access to Private Channel Posts via Mattermost Jira Plugin

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fail to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

CVSS 4.3 | EPSS 0.00165
Exploits 0 | References 1
EUVD (added 2025/10/03 8:07 p.m., 5 views)

EUVD-2023-34243

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.0054
Exploits 0 | References 1
Oracle linux (added 2025/09/22 12:00 a.m., 7 views)

Unbreakable Enterprise kernel security update

5.15.0-312.187.5.3
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38454666] {CVE-2025-38494}
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38454665] {CVE-2025-38618}
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro)...

AI score 8.9 | EPSS 0.002
Exploits 0
RedhatCVE (added 2025/05/23 6:00 a.m., 5 views)

CVE-2023-28357

A vulnerability has been identified in Rocket.Chat where the ACL checks in the /mute slash command occur after the check of whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a membe...

CVSS 4.3 | AI score 6.7 | EPSS 0.00412
Exploits 0 | References 1
CNNVD (added 2024/09/04 12:00 a.m., 4 views)

New-Ringer-Server security vulnerability

New-Ringer-Server is the server code for a Ringer messaging application open-sourced by Lif Platforms. A security vulnerability exists in versions of New-Ringer-Server prior to 1.3.1 that stems from loading a message route without checking that the user loading the session is actually a member of...

CVSS 7.1 | AI score 6.9 | EPSS 0.00342
Exploits 0 | References 3