47 matches found
EUVD-2026-30322
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...
EUVD-2026-12343
GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages...
CVE-2026-25083
GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages...
CVE-2026-3739
A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...
CVE-2026-3739
A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...
CVE-2026-3739
A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...
CVE-2026-3739
The CVE-2026-3739 vulnerability affects suitenumerique messages 0.2.0, specifically the ThreadAccessSerializer in src/backend/core/api/serializers.py (ThreadAccess component). The issue is a manipulation that leads to improper authentication, enabling remote exploitation. An exploit is publicly r...
CVE-2026-3739 suitenumerique messages ThreadAccess serializers.py ThreadAccessSerializer improper authentication
A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...
CVE-2026-3739
A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...
CVE-2025-68492
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...
CVE-2025-68492
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...
EUVD-2018-3326
Malware in sbrugna...
EUVD-2022-34111
Malicious code in bioql PyPI...
EUVD-2025-12396
Malicious code in bioql PyPI...
EUVD-2022-51205
Malicious code in bioql PyPI...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to failing to validate access controls at the time of access, which allows an attacker to read a thread via AI posts...
PT-2025-26071 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.0-rc5 Description: A data race issue in the Linux kernel's dmaengine sf-pdma component allows multiple threads to access and modify a DMA channel's descriptor simultaneously, leading to a NULL pointer...
CVE-2025-48941
CVE-2025-48941 (MyBB) : Affected software: MyBB versions prior to 1.8.39. Issue: the internal search does not properly validate thread visibility, allowing a user with search access to infer the existence of hidden threads (draft, unapproved, or soft-deleted) by title. The visible flag (mybb_thre...
CVE-2022-25666
Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking...
CVE-2022-29790
The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions...