Summary
Open WebUI: Forged chat-file link allows cross-user file read and deletion
References
Related vulnerabilities
- HIGH GHSA-HJWC-26PJ-V3PM
  AgenticMail: Cross-agent task authorization bypass in AgenticMail API
- CRITICAL GHSA-8FQ9-273G-6MRG
  Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
- MEDIUM GHSA-4R4W-2WGP-W7CJ
  Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion
- HIGH GHSA-VJQM-6GCC-62CR
  Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion
- HIGH GHSA-QXVM-PCFM-QC39
  Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles
- MEDIUM GHSA-MPC8-JXJH-QPGH
  OpenClaw: Focus command could miss controlScope enforcement