Lucene search
+L

36 matches found

euvd
euvd
added 2026/07/09 4:57 p.m.9 views

EUVD-2026-42630

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parentid to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose...

3.1CVSS5.9AI score0.00255EPSS
Exploits0References4
osv
osv
added 2026/07/09 4:57 p.m.4 views

CVE-2026-59215 Open WebUI: Private channel messages can be disclosed through cross-channel thread parent_id binding

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parentid to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose...

3.1CVSS6.1AI score0.00255EPSS
Exploits0References6
cve
cve
added 2026/07/09 4:57 p.m.9 views

CVE-2026-59215

Open WebUI prior to 0.10.0 contains a cross-channel thread context exposure bug: channel thread parent_id binding did not bind to the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose thread context across channels. The issue is fixed in ve...

3.1CVSS5.9AI score0.00255EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2026/06/30 5:16 p.m.9 views

CVE-2026-58373

CVAT before 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.getqueryset that allows authenticated attackers to enumerate quality report identifiers belonging to other organizations by exploiting a missing checkobjectpermissions call on the parentid query parameter ...

5.3CVSS0.002EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/30 3:58 p.m.36 views

CVE-2026-58373 CVAT < 2.69.0 - Missing Authorization on Quality Reports parent_id Filter Leaks Cross-Organization Report Existence

CVAT before 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.getqueryset that allows authenticated attackers to enumerate quality report identifiers belonging to other organizations by exploiting a missing checkobjectpermissions call on the parentid query parameter ...

5.3CVSS0.002EPSS
Exploits0References4
cve
cve
added 2026/06/30 3:58 p.m.19 views

CVE-2026-58373

CVAT before version 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.get_queryset that lets authenticated attackers enumerate quality report identifiers across organizations by exploiting a missing check_object_permissions on the parent_id parameter of the quality r...

5.3CVSS5.8AI score0.002EPSS
Exploits0References4Affected Software1
vulnrichment
vulnrichment
added 2026/06/30 3:58 p.m.8 views

CVE-2026-58373 CVAT < 2.69.0 - Missing Authorization on Quality Reports parent_id Filter Leaks Cross-Organization Report Existence

CVAT before 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.getqueryset that allows authenticated attackers to enumerate quality report identifiers belonging to other organizations by exploiting a missing checkobjectpermissions call on the parentid query parameter ...

5.3CVSS5.8AI score0.002EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.14 views

PT-2026-53931

Name of the Vulnerable Software and Affected Versions CVAT versions prior to 2.69.0 Description An improper authorization issue exists in the QualityReportViewSet.get queryset function. Authenticated attackers can enumerate quality report identifiers from other organizations by exploiting a missi...

5.3CVSS6AI score0.002EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.18 views

PT-2026-50771

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description An infinite loop Denial of Service DoS occurs during the process-tree walk when a parent process exits during authentication. The function usb get process parent id fails to initialize the ppid...

4.7CVSS5.9AI score0.00104EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/06 5:15 p.m.9 views

CVE-2026-11439 theonedev Parent Project projects improper authorization

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

6.5CVSS6.1AI score0.00214EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/06/06 5:15 p.m.8 views

CVE-2026-11439

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

6.5CVSS5AI score0.00214EPSS
Exploits0References7Affected Software1
euvd
euvd
added 2026/06/06 5:15 p.m.12 views

EUVD-2026-34974

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

6.5CVSS5AI score0.00214EPSS
Exploits0References6
cve
cve
added 2026/06/06 5:15 p.m.26 views

CVE-2026-11439

The vulnerability CVE-2026-11439 affects Theonedev Onedev up to version 15.0.5 in the Parent Project Handler, specifically the /projects/ function where manipulating the argument project.parentId leads to improper authorization. The attack may be executed remotely. A fix is available in version 1...

6.5CVSS6.1AI score0.00214EPSS
Exploits0References6
osv
osv
added 2026/06/06 5:15 p.m.3 views

CVE-2026-11439 theonedev Parent Project projects improper authorization

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

5.3CVSS5.5AI score0.00214EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/06 12:0 a.m.28 views

PT-2026-47163

Name of the Vulnerable Software and Affected Versions onedev versions prior to 15.0.6 Description Improper authorization exists in the Parent Project Handler component within the '/projects/' file. A remote attacker can manipulate the project.parentId argument to bypass authorization controls...

6.5CVSS6.6AI score0.00214EPSS
Exploits0References9
nvd
nvd
added 2026/01/28 1:15 p.m.5 views

CVE-2020-36993

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...

5.4CVSS0.00249EPSS
Exploits1References4
euvd
euvd
added 2026/01/28 12:29 p.m.6 views

EUVD-2020-30901

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...

6.4CVSS6AI score0.00249EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2026/01/28 12:29 p.m.2 views

CVE-2020-36993 LimeSurvey <= 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...

5.4CVSS6AI score0.00249EPSS
Exploits1References4
cvelist
cvelist
added 2026/01/28 12:29 p.m.30 views

CVE-2020-36993 LimeSurvey <= 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...

5.4CVSS0.00249EPSS
Exploits1References4
cve
cve
added 2026/01/28 12:29 p.m.15 views

CVE-2020-36993

CVE-2020-36993 affects LimeSurvey 4.3.10, with a stored cross-site scripting vulnerability in the Survey Menu of the admin panel. The issue allows attackers to inject SVG scripts via Surveymenu[title] and Surveymenu[parent_id], enabling execution of arbitrary JavaScript in administrative contexts...

5.4CVSS6AI score0.00249EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder