206 matches found
CVE-2026-59227
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.11 before 0.10.0, POST /api/v1/images/edit required only a verified account and did not enforce the global image-edit switch or the per-user image-generation permission, allowing a non-admin user to...
CVE-2026-59227
Vulnerability summary: CVE-2026-59227 affects Open WebUI prior to 0.10.0. Affected endpoint: POST /api/v1/images/edit. The issue allowed a non-admin user with a verified account to bypass the global image-edit switch and per-user image-generation permissions, enabling server-side image editing wi...
CVE-2026-46700
Actual is a local-first personal finance tool. Prior to 26.6.0, the GET /secret/:name endpoint in @actual-app/sync-server checks only that the caller has a valid session and does not verify the caller is an admin, while the sibling POST /secret/ handler enforces an admin check in OpenID mode. Any...
CVE-2026-34050
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Settings/Updates Livewire component does not check isInstanceAdmin in its mount method, allowing non-admin users to access the Updates settings page and potentially...
CVE-2026-34050
CVE-2026-34050 affects Coolify, specifically the Settings/Updates Livewire component. The root cause is a missing isInstanceAdmin check in the component's mount method, allowing non-admin users to access the Updates settings page and potentially modify auto-update settings or trigger update check...
GHSA-C6V2-3FFM-VCMC Nebula Mesh: Web UI lacks ownership checks, enabling cross-operator access to hosts and networks (read, block, delete)
Summary The web UI /ui/ does not apply the per-operator CA scoping the JSON API received for GHSA-598g-h2vc-h5vg. Any authenticated non-admin operator for example, one created via self-registration or OIDC can access resources belonging to other operators. Impact A non-admin operator can: - Block...
EUVD-2026-39190
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...
EUVD-2026-38681
The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back to loading...
motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint
Summary motionEye v0.43.1 latest stable is vulnerable to path traversal in the picture and movie API endpoints, like /picture/id/preview/filename. Neither the API handlers, nor the mediafiles.py functions like getmediapreview check for .. sequences in the filename parameter, except getmediaconten...
CVE-2026-47124 Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...
EUVD-2026-36580
An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...
CVE-2026-49157
A flaw was found in Apache ActiveMQ. The default authorization settings for Jolokia, a management interface, incorrectly allowed non-administrative web-login accounts to access and execute critical broker management operations. This could enable a low-privilege attacker to perform actions typical...
CVE-2026-48507
Snipe-IT (IT asset/license management system) has a vulnerability affecting versions before 8.6.0. A non-admin user with only the granular users.edit permission can lock out admins by editing the activated flag (login eligibility) and the ldap_import flag (password reset requests). The issue is f...
PT-2026-47559
Summary An authorization issue in the Scheduler API allowed authenticated non-admin users to create or modify scheduled actions that should be restricted to administrators. Details The Scheduler API did not correctly enforce administrator permissions when processing scheduler modifications. As a...
CVE-2026-39454
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...
CVE-2026-9522
Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...
CVE-2026-44848
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...
CVE-2026-45279
Nextcloud Server versions 31.0.0–31.0.13 and 32.0.0–32.0.3 are affected when {lang} is used in the template directory config value. Non-admin users can in some cases copy arbitrary files into their own Nextcloud directory via a path traversal, depending on Unix permissions. Impact is described as...
CVE-2026-49157
Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...
EUVD-2026-33574
Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...