Summary
Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion
References
Related vulnerabilities
- HIGH GHSA-VRHC-3FR6-PC3C
Open WebUI: Forged chat-file link allows cross-user file read and deletion
- HIGH GHSA-5CJ2-3JR2-5H77
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
- HIGH GHSA-HJWC-26PJ-V3PM
AgenticMail: Cross-agent task authorization bypass in AgenticMail API
- MEDIUM GHSA-JR45-52CW-69H5
NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)
- MEDIUM GHSA-2FJJ-QQG8-FG7X
praisonai-platform: Authorization Bypass Through User-Controlled Key
- CRITICAL GHSA-8FQ9-273G-6MRG
Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation