
8 matches found

Vulnrichment
added 2026/05/15 9:30 p.m., 10 views

CVE-2026-45316 Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can...

CVSS: 3.5, AI score: 5.8, EPSS: 0.00218
Exploits: 1, References: 1
CNNVD
added 2026/03/26 12:0 a.m., 10 views

WordPress plugin Elementor Website Builder security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVSS: 4.3, AI score: 5.8, EPSS: 0.0025
Exploits: 0, References: 2
OSV
added 2026/02/27 9:26 p.m., 6 views

GHSA-282G-FHMX-XF54 ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API

Summary: A vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. Impact: Zitadel provides an API for managing users. The API also allows users to self-manage their own data including updati...

CVSS: 8.2, AI score: 7, EPSS: 0.00176
Exploits: 0, References: 6
CNNVD
added 2026/01/13 12:0 a.m., 3 views

WordPress plugin CP Image Store with Slideshow security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. A security vulnerabili...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00261
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-5195

Malicious code in bioql PyPI...

CVSS: 4.3, AI score: 4.7, EPSS: 0.00877
Exploits: 0, References: 5
CNNVD
added 2022/04/18 12:0 a.m., 5 views

WordPress security vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A permission checking error vulnerability exists in WordPress, which stems from the wp-admin/press-this.php script that...

CVSS: 6.5, AI score: 5.6, EPSS: 0.00691
Exploits: 0, References: 2
CNNVD
added 2021/03/18 12:0 a.m., 18 views

Jenkins Matrix Authorization Strategy security vulnerability

Jenkins Matrix Authorization Strategy is an open source Jenkins plugin. The plugin implements fine-grained access control in Jenkins. An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permissions to nested...

CVSS: 6.5, AI score: 5.7, EPSS: 0.01011
Exploits: 0, References: 13
CNNVD
added 2021/02/10 12:0 a.m., 4 views

Podman Access Control Error Vulnerability

An access control error vulnerability exists in Podman that stems from not properly checking the file permissions of a non-root user running in a privileged container. A low-privileged user in the container could abuse this vulnerability to access any other file in the container...

CVSS: 7, AI score: 6.9, EPSS: 0.00261
Exploits: 0, References: 8