4638 matches found
CVE-2026-47388
NocoDB is affected by CVE-2026-47388: Missing ownership check in MCP Attachment Read allows a low-privilege MCP token holder with knowledge of an attachment path to read files in shared storage (including attachments from other bases/workspaces). The issue arises because readAttachment did not ve...
CVE-2025-64105
Summary: FOSSBilling
CVE-2026-54022
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the documentid starts with note: colon. However, the YdocManager storage layer normalizes all document IDs b...
CVE-2026-54012
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the...
CVE-2026-54015
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-history endpoints authorize the promptid in the URL but then act on caller-supplied history IDs without verifying that the history row belongs to that...
CVE-2026-34912
A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same instance, resulting i...
CVE-2026-34913
A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership...
CVE-2026-54006
Open WebUI prior to version 0.9.6 is vulnerable to an IDOR in the calendar events update endpoint. The vulnerability arises because POST /api/v1/calendars/events/{event_id}/update validates write access to the source calendar but does not validate the destination calendar_id in the request body, ...
CVE-2026-33760
Langflow (pre-1.9.0) exposes an IDOR/BOLA vulnerability in the /api/v1/monitor router. Seven endpoints (including builds, messages, and transactions) allow read, write, and delete actions on user-owned resources without verifying ownership, enabling an attacker to access or modify another user’s ...
CVE-2026-34912
A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same instance, resulting i...
CVE-2026-34913
A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership...
CVE-2026-44957
A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...
CVE-2026-34913
CVE-2026-34913 describes a missing access control check in Revive Adserver up to version 6.0.6 in the campaign-trackers.php workflow, where a low-privileged user could link trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships. The und...
EUVD-2026-38510
A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership...
EUVD-2026-38501
A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same instance, resulting i...
EUVD-2026-38502
A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...
CVE-2026-54307
CVE-2026-54307 affects n8n, an open source workflow automation platform. The vulnerability allows a member-level user with Editor access to a shared workflow to reference credentials they do not own via specific public API endpoints because credential ownership checks were only partially enforced...
CVE-2026-56222
Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/rolebindings that fails to verify appid ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by...
CVE-2026-56222
Capgo before 12.128.2 has an authorization bypass in POST /private/role_bindings due to failure to verify app_id ownership during app-scoped role binding creation. An administrator in one organization can create role bindings targeting apps owned by other organizations, enabling unauthorized read...
EUVD-2026-38427
Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/rolebindings that fails to verify appid ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by...