2 matches found
CVE-2025-64012
InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data...
Incorrect Access Control
open-webui is vulnerable to Incorrect Access Control. The vulnerability is due to missing ownership verification in the /api/tasks/stop/ API, allowing a normal user to stop arbitrary LLM response tasks by directly cancelling tasks without proper authorization checks...