29 matches found
Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)
Summary: The POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can pin/unpin it, which is a state-modifying action that should require write permission. All other write endpoin...
CVE-2026-42291
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes are not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...
SysReptor Security Vulnerability
SysReptor is an open-source penetration testing report platform developed by Syslifters. Versions of SysReptor from 2026.4 to 2026.27 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization at the endpoints when reading and creating personal note-sharing link...
EUVD-2018-10989
Malware in sbrugna...
EUVD-2025-20222
Malicious code in bioql PyPI...
EUVD-2024-38293
Malicious code in bioql PyPI...
EUVD-2025-20356
Malicious code in bioql PyPI...
EUVD-2025-17064
Malicious code in bioql PyPI...
CVE-2025-7157
A vulnerability was found in code-projects Online Note Sharing 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2025-7157 code-projects Online Note Sharing login.php sql injection
A vulnerability was found in code-projects Online Note Sharing 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2025-7157
CVE-2025-7157 affects Code-Projects Online Note Sharing 1.0. A vulnerability in /login.php arises from improper handling of the username and password parameters, enabling SQL injection. The flaw is exploitable remotely and has had exploits disclosed publicly. Multiple sources confirm the issue an...
Code-Projects Online Note Sharing Injection Vulnerability
Code-Projects Online Note Sharing is open-source online note sharing software from Code-Projects. Code-Projects Online Note Sharing version 1.0 suffers from an injection vulnerability, which stems from an incorrect manipulation of the parameters username/password in the file /login.php resulti...
PT-2025-28325 · Unknown · Code-Projects Online Note Sharing
Name of the Vulnerable Software and Affected Versions: code-projects Online Note Sharing version 1.0. Description: A critical issue was found in the code, affecting an unknown function of the file /login.php. The manipulation of the username and password arguments leads to SQL injection. This issu...
CVE-2025-7124
A vulnerability classified as critical has been found in code-projects Online Note Sharing 1.0. Affected is an unknown function of the file /dashboard/userprofile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. It is possible to...
CVE-2025-7124
CVE-2025-7124 affects code-projects Online Note Sharing 1.0, specifically the Profile Image Handler’s /dashboard/userprofile.php. The vulnerability arises from improper handling of the image parameter, enabling unrestricted file uploads. Reported as exploitable remotely, with exploit activity dis...
CVE-2025-48911
Vulnerability of improper permission assignment in the note sharing module. Impact: Successful exploitation of this vulnerability may affect availability...