Lucene search
K

5 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/08 3:49 a.m.6 views

CVE-2026-42276

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/chatsessionid endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An...

4.3CVSS5.8AI score0.00279EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.0 views

CVE-2026-28462 OpenClaw < 2026.2.13 - Path Traversal in Trace and Download Output Paths

OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST...

8.7CVSS5.8AI score0.00425EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/04 3:45 p.m.7 views

Access Control Bypass

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Access Control Bypass via the /api/tasks/stop/taskid endpoint. An attacker can enumerate tasks running by other users and use taskid to terminate any tasks running on the server. Remediation Upgrade open-webu...

5.3CVSS5.9AI score0.00263EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.6 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A security vulnerability exists in Open WebUI version v0.6.33, which stems from the API /api/tasks/stop/ direct access and cancel tasks without verifying user ownership, which could lead an...

4.3CVSS6.5AI score0.00263EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2018/01/19 12:0 a.m.4 views

PT-2018-5359 · Ethereum · Cpp-Ethereum

Name of the Vulnerable Software and Affected Versions: cpp-ethereum version affected versions not specified Description: An issue exists in the miner stop API endpoint of cpp-ethereum's JSON-RPC, where improper authorization can be exploited. An attacker can send JSON data to trigger this issue...

8.1CVSS4.3AI score0.01599EPSS
Exploits2References3
Rows per page
Query Builder