3 matches found
CVE-2026-42276
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/chatsessionid endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An...
CVE-2026-23646
OpenProject versions before 16.6.5 and 17.0.1 are affected. The vulnerability arises in session management: when a user deletes a session via DELETE /my/sessions/:id, the system did not verify that the session actually belonged to the requesting user. Because session IDs are incremental integers,...
UBUNTU-CVE-2014-3684
The tmadopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary...