18 matches found
CVE-2026-42770
Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...
GHSA-7P8G-6C6G-H9W7 praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR
Summary Type: Insecure Direct Object Reference. The agent CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/agents/agentid gate access on requireworkspacememberworkspaceid only, then resolve agentid through AgentService.getagentid which is a primary-key lookup with no workspace...
CVE-2026-48810
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...
CVE-2026-44561
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the isuserchannelmember function checks whether a ChannelMember row exists but does not check the isactive field. When a user is deactivated from a group or DM channel removed by the...
Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint
Summary An IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same channel. This vulnerability affects the latest version v0.8.12 of Open WebUI. Details In the updatemessagebyid...
CVE-2026-44426 ShellHub: Cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list user IDs, e-mails, roles, settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own...
ShellHub has cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check
Summary GET /api/namespaces/:tenant returns the full namespace object — including the members list user IDs, e-mails, roles, settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own tenant scope. The handler conditionally skips the...
CVE-2026-41662
Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...
corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol UDP packet. This can lead to an out-of-bounds read, causing a denial of service...
PT-2026-29516
Name of the Vulnerable Software and Affected Versions Corosync affected versions not specified Description A flaw exists in Corosync where a remote, unauthenticated attacker can exploit a wrong return value vulnerability in the membership commit token sanity check. This is achieved by sending a...
CVE-2026-30236
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...
CVE-2026-30236 OpenProject users that are not project members can be used to calculate Labor Budget, leaking their global hourly rate
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...
CVE-2026-30236
CVE-2026-30236 affects OpenProject before 17.2.0. When editing a project budget and planning labor costs, the system did not verify that the budget-assigned user is a project member, exposing that user’s default rate to non-members. The pre-calculation endpoint used to render cost previews simila...
CVE-2025-13767 Unauthorized Read Access to Private Channel Posts via Mattermost Jira Plugin
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...
EUVD-2023-34243
Malicious code in bioql PyPI...
Unbreakable Enterprise kernel security update
5.15.0-312.187.5.3 - HID: core: do not bypass hidhwrawrequest Benjamin Tissoires Orabug: 38454666 CVE-2025-38494 - vsock: Do not allow binding to VMADDRPORTANY Budimir Markovic Orabug: 38454665 CVE-2025-38618 - cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns Al Viro...
CVE-2023-28357
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a membe...
New-Ringer-Server 安全漏洞
New-Ringer-Server is the server code for a Ringer messaging application open-sourced by Lif Platforms. A security vulnerability exists in versions of New-Ringer-Server prior to 1.3.1 that stems from loading a message route without checking that the user loading the session is actually a member of...