Lucene search
K

9 matches found

NVD
NVD
added 2026/05/19 11:16 p.m.14 views

CVE-2026-34744

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality caused by this...

5.3CVSS0.00362EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/19 10:45 p.m.34 views

CVE-2026-34744 MantisBT authorization bypass allows continued access to self-uploaded attachments on private issues

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality caused by this...

5.3CVSS0.00362EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/15 9:24 p.m.8 views

CVE-2026-44571

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels i.e., channels whose channel.type is neither group nor dm, the endpoint POST /api/v1/channels/channelid/messages/messageid/update can be accessed with read...

6.5CVSS5.8AI score0.00277EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/13 8:28 p.m.10 views

CVE-2026-43890

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken authorization pattern. When both collectionId and documentId are supplied in the request, the route...

7.7CVSS5.8AI score0.00205EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 9:10 p.m.9 views

CVE-2026-43889 Outline: Unauthorized Document Publication via Mixed collectionId+documentId Share

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...

6.5CVSS5.9AI score0.00211EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/11 9:53 p.m.12 views

SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions

LIVE SELECT statements are used to capture changes to data within a table in real time. Documents included in WHERE conditions and DELETE notifications were not properly reduced to respect the querying user's security context. Instead the leaked documents reflect the context of the user triggerin...

5.7CVSS6.7AI score0.00298EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2016-10148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The wpajaxupdateplugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a getplugindata call before checking the updateplugins...

4.3CVSS6AI score0.01641EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/08/27 8:35 a.m.67 views

postgresql: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

6.5CVSS7.4AI score0.06324EPSS
Exploits0References5
OSV
OSV
added 2017/01/18 9:59 p.m.7 views

DEBIAN-CVE-2016-10148

The wpajaxupdateplugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a getplugindata call before checking the updateplugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to...

4.3CVSS6.9AI score0.01641EPSS
Exploits0References1
Rows per page
Query Builder