5 matches found
CVE-2026-45666 Open WebUI: Indirect Object Reference (IDOR) in user notes
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/noteid endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. Th...
EUVD-2014-4655
Malware in sbrugna...
PT-2024-31561 · Oracle +1 · Mysql Server +1
Name of the Vulnerable Software and Affected Versions: HedgeDoc versions prior to 1.10.0 Description: HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existi...
CVE-2014-4736
SQL injection vulnerability in E2 before 2.4 2845 allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process...
Sql injection
SQL injection vulnerability in E2 before 2.4 2845 allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process...