Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.11 views

PT-2026-50482

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An authenticated user can attach arbitrary file id values to their own chat messages because the system fails to verify if the user owns or has read access to those files. By sharing the chat and...

8.3CVSS6AI score0.00241EPSS
Exploits1References9
OSV
OSV
added 2026/04/03 3:30 p.m.5 views

GHSA-VPH7-R229-QXPF Focalboard doesn't validate file ownership when serving uploaded files

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued...

4.3CVSS5.9AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 2019/05/13 2:29 p.m.3 views

CVE-2018-18524

Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on t...

6.1CVSS6AI score
Exploits0References2
Exploit DB
Exploit DB
added 2011/08/04 12:0 a.m.18 views

Xpdf 3.02-13 - 'zxpdf' Security Bypass

source: https://www.securityfocus.com/bid/49007/info Xpdf is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in...

7.4AI score
Exploits0
Rows per page
Query Builder