7 matches found
CVE-2026-59217
Open WebUI prior to version 0.10.0 allowed a metadata.knowledge_id value in file uploads to auto-link files to a knowledge base, bypassing the write-access check on /api/v1/knowledge//file/add. This enabled read-only knowledge-base users to add arbitrary files. The issue is fixed in version 0.10....
PT-2026-50136
Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An authorization bypass allows any authenticated low-privilege user with read access to a repository to push arbitrary commits directly to that repository, bypassing write-access checks. This...
CVE-2021-33718
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.22, Mendix Applications using Mendix 8 All versions V8.18.7, Mendix Applications using Mendix 9 All versions V9.3.0. Write access checks of attributes of an object could be bypassed, if user has a write...
EUVD-2021-20395
Malware in sbrugna...
CVE-2011-0466
The API in SUSE openSUSE Build Service OBS 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a 1 package or 2 project via unspecified vectors...
CVE-2021-42025
A vulnerability has been identified in Mendix Applications using Mendix 8 All versions V8.18.13, Mendix Applications using Mendix 9 All versions V9.6.2. Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow...
CVE-2014-3084
The CVE-2014-3084 issue affects IBM Maximo Asset Management and related products (including Maximo Asset Management Essentials, Maximo Industry Solutions, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CMDB products). It allows re...