Lucene search
K

10 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50593

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description An authorization bypass exists in the ydoc:document:join Socket.IO handler. The handler only performs ownership checks when the document id variable starts with the prefix note: colon. However, t...

5.3CVSS5.9AI score0.00268EPSS
Exploits1References7
EUVD
EUVD
added 2026/05/15 9:7 p.m.19 views

EUVD-2026-30647

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/noteid endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. Th...

6.5CVSS5.8AI score0.00277EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.11 views

CVE-2026-42291

SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...

6.8CVSS5.8AI score0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 11:49 p.m.9 views

EUVD-2026-16048

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in library/pnotes.inc.php perform updates and deletes using WHERE id = ? without verifying that the note belongs to a patient the...

8.1CVSS5.9AI score0.00274EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-42303

Malicious code in bioql PyPI...

8.2CVSS8.2AI score0.00664EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/09/15 10:34 p.m.2 views

CVE-2025-43203

The issue was addressed with improved handling of caches. This issue is fixed in iOS 26 and iPadOS 26, iOS 18.7 and iPadOS 18.7. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note...

4.7AI score0.00211EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:28 a.m.10 views

CVE-2024-45308

HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by t...

6.5CVSS7AI score0.00551EPSS
Exploits1
OSV
OSV
added 2025/05/12 10:15 p.m.6 views

CVE-2025-31228

The issue was addressed with improved authentication. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access notes from the lock screen...

6.8CVSS5.7AI score0.00284EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/09/02 4:40 p.m.23 views

CVE-2024-45308 MySQL & free URL mode allows to hide existing notes in hedgedoc

HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by t...

6.5CVSS0.00551EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/10/17 12:0 a.m.5 views

CVE-2022-3330

It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1...

4.3CVSS6.6AI score0.00536EPSS
Exploits0References2
Rows per page
Query Builder