8 matches found
CVE-2026-45316 Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can...
WordPress plugin Elementor Website Builder Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
GHSA-282G-FHMX-XF54 ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API
Summary A vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. Impact Zitadel provides an API for managing users. The API also allows users to self-manage their own data including updati...
WordPress plugin CP Image Store with Slideshow Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2022-5195
Malicious code in bioql PyPI...
WordPress Security Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A permission checking error vulnerability exists in WordPress, which stems from the wp-admin/press-this.php script that...
Jenkins Matrix Authorization Strategy Security Vulnerability
Jenkins Matrix Authorization Strategy is an open source plugin for Jenkins. The plugin implements fine-grained access control in Jenkins. An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permissions to nested...
Podman Access Control Error Vulnerability
An access control error vulnerability exists in Podman that stems from not properly checking the file permissions of a non-root user running in a privileged container. A low-privileged user in the container could abuse this vulnerability to access any other file in the container...