Skip to main content
CVE-2026-54016 MEDIUM PATCH GHSA This Month

Broken Object Level Authorization in Open WebUI's `search_knowledge_files` builtin tool (versions ≤ 0.9.5) allows any authenticated user to enumerate file metadata from private or restricted knowledge bases they do not own or have permission to access. By sending a crafted chat completion request with native function calling enabled and supplying an arbitrary `knowledge_id`, an attacker bypasses the `AccessGrants` permission model entirely, receiving file IDs, filenames, knowledge base names, and timestamps. No KEV listing exists at time of analysis, but a detailed proof-of-concept with full reproduction steps is publicly documented in GitHub Security Advisory GHSA-cx9v-4qj2-jrw6, and a vendor-released patch is available in version 0.9.6.

Python Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-37496 MEDIUM This Month

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.3.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Metro Magazine
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31435 MEDIUM This Month

: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels.8.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Social Media Share Icons
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-20178 MEDIUM This Month

Open redirect in the browser-based Cisco Webex App allowed unauthenticated remote attackers to redirect users to attacker-controlled websites by crafting malicious URLs with manipulated parameters. The vulnerability (CWE-601) stems from improper input validation of URL parameters in HTTP requests and scores CVSS 4.3 Medium (AV:N/AC:L/PR:N/UI:R). Cisco has fully remediated this server-side with no customer action required; no public exploit or CISA KEV listing exists at time of analysis.

Cisco Open Redirect Cisco Webex App
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-20265 MEDIUM This Month

Outbound SSRF-class data exfiltration in Splunk AI Toolkit versions below 5.7.4 allows any low-privileged authenticated Splunk user - without admin or power roles - to redirect the AI agent's HTTP request mechanism to an attacker-controlled server. The root cause is an insecure default domain allowlist shipped with the toolkit that places no restrictions on which external domains the AI agent may contact. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the low privilege barrier makes it broadly relevant in enterprise Splunk deployments with many standard users.

Splunk Information Disclosure Splunk Ai Toolkit
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-12515 MEDIUM PATCH This Month

Insufficient authorization in the Katello ContentUploadsController within Red Hat Satellite 6 permits authenticated users holding only the edit_products permission to query content metadata for repositories belonging to products they have no rights to manage. The flaw, rooted in a missing ActiveRecord scope on repository lookup, allows cross-product content-existence enumeration via the content-upload API - but explicitly does not permit modification, import, or publication of content. No public exploit exists and the vulnerability is not listed in CISA KEV; risk is bounded by the authentication requirement and the limited read-only impact.

Authentication Bypass Red Hat Red Hat Hardened Images Red Hat Satellite 6
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-24709 MEDIUM This Month

Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels.7.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Shareaholic
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-54006 MEDIUM PATCH GHSA This Month

{event_id}/update` endpoint validates write access only on the source calendar, silently omitting the destination `calendar_id` authorization check that `create_event` correctly enforces - a classic IDOR pattern. A verified public proof-of-concept exists against v0.9.4 (the official Docker image); the fix is available in v0.9.6. No CISA KEV listing was present in the input data, so widespread in-the-wild exploitation is unconfirmed.

Python Authentication Bypass XSS Docker
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-55517 MEDIUM PATCH GHSA This Month

Process-terminating denial of service in Deno's WebSocket client (versions <= 2.7.4) allows any server - or a network man-in-the-middle on an unencrypted ws:// connection - to crash a Deno application by returning non-visible-ASCII bytes (0x80-0xFF) in the Sec-WebSocket-Protocol or Sec-WebSocket-Extensions handshake response headers. The root cause is an unhandled Rust panic in the HTTP upgrade path: HeaderValue::to_str() returns an error for out-of-range bytes, and that error path was not caught, causing the entire Deno process to abort. No public exploit has been identified at time of analysis and this is not listed in the CISA KEV catalog; impact is strictly availability - the advisory explicitly states there is no information disclosure or memory-safety consequence.

Information Disclosure Denial Of Service
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33685 MEDIUM This Month

Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Startupzy
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-35648 MEDIUM This Month

Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Emergency Password Reset
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34810 MEDIUM This Month

Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery.0.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Skyline Wp
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-40723 MEDIUM This Month

Broken Access Control in Bricks Builder for WordPress (versions up to and including 2.1.4) allows subscriber-level authenticated users to perform actions that should be restricted to higher-privilege roles such as editor or administrator. Rooted in CWE-862 (Missing Authorization), the flaw means certain builder endpoints or AJAX actions execute without verifying whether the requesting user holds sufficient capabilities. No public exploit code identified at time of analysis, and this CVE is not listed in CISA KEV; however, the low authentication barrier (any registered subscriber) on sites with open registration increases realistic exposure.

Authentication Bypass Bricks Builder
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-24610 MEDIUM This Month

Broken Access Control in MetForm Pro WordPress plugin (versions <= 3.9.1) permits subscriber-level authenticated users to perform actions restricted to higher-privileged roles, resulting in unauthorized low-level integrity modifications. The flaw stems from missing authorization checks (CWE-862) on one or more plugin endpoints or AJAX handlers accessible to the lowest standard WordPress role. No active exploitation has been confirmed by CISA KEV, and no public exploit code has been identified at time of analysis, but the low attack complexity and network accessibility make this exploitable by any user with a valid WordPress subscriber account on an affected site.

Authentication Bypass Metform Pro
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-24575 MEDIUM This Month

Broken access control in WishList Member X WordPress plugin (versions ≤ 3.29.0) permits authenticated subscriber-level users to access membership-restricted content without holding the required membership tier. Rooted in CWE-862 (Missing Authorization), the plugin fails to enforce authorization checks on protected content access paths, exposing paid or restricted resources to the lowest WordPress authenticated role. No public exploit has been identified at time of analysis, and this vulnerability has not been added to the CISA KEV catalog.

Authentication Bypass Wishlist Member X
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-48571 MEDIUM This Month

In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-12460 MEDIUM PATCH This Month

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. (Chromium security severity: High)

Google Chrome Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.2
EPSS
0.3%
CVE-2026-12453 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Google Chrome Authentication Bypass Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
4.2
EPSS
0.3%
CVE-2026-12457 MEDIUM PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Google Chrome Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.2
EPSS
0.2%
CVE-2026-12456 MEDIUM PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High)

Google Chrome Authentication Bypass Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
4.2
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy