Résumé
Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles
Références
Vulnérabilités liées
Tout Supply chain →- HIGHGHSA-HJWC-26PJ-V3PM
AgenticMail: Cross-agent task authorization bypass in AgenticMail API
- CRITICALGHSA-8FQ9-273G-6MRG
Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
- HIGHGHSA-VRHC-3FR6-PC3C
Open WebUI: Forged chat-file link allows cross-user file read and deletion
- MEDIUMGHSA-MPC8-JXJH-QPGH
OpenClaw: Focus command could miss controlScope enforcement
- MEDIUMGHSA-72FW-CQH5-F324
OpenClaw: memory-wiki shared search could miss session visibility checks
- MEDIUMGHSA-JR45-52CW-69H5
NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)