5 matches found
CVE-2026-42276
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/chatsessionid endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An...
CVE-2026-28462 OpenClaw < 2026.2.13 - Path Traversal in Trace and Download Output Paths
OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST...
Access Control Bypass
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Access Control Bypass via the /api/tasks/stop/taskid endpoint. An attacker can enumerate tasks running by other users and use taskid to terminate any tasks running on the server. Remediation Upgrade open-webu...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A security vulnerability exists in Open WebUI version v0.6.33, which stems from the API /api/tasks/stop/ direct access and cancel tasks without verifying user ownership, which could lead an...
PT-2018-5359 · Ethereum · Cpp-Ethereum
Name of the Vulnerable Software and Affected Versions: cpp-ethereum version affected versions not specified Description: An issue exists in the miner stop API endpoint of cpp-ethereum's JSON-RPC, where improper authorization can be exploited. An attacker can send JSON data to trigger this issue...