Tag
high
advisory
Open WebUI IDOR Vulnerability in Retrieval API Allows Unauthorized Access and Modification of Knowledge Bases
2 rules, 1 TTP
Open WebUI's Retrieval API has an IDOR vulnerability that bypasses knowledge base access controls, allowing any authenticated user who knows a private knowledge base UUID to read, inject content into, or overwrite another user's knowledge base.
Open WebUI
idor
authorization_bypass
data_manipulation
high
advisory
SiYuan Publish-Mode Reader Configuration and Index Mutation Vulnerability
2 rules, 1 TTP
SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs, leading to configuration changes, denial of service, data corruption, and information disclosure by manipulating cloud sync intervals, graph configurations, SQL block content, and recent-documents lists.
siyuan
misconfiguration
unauthorized_access
data_manipulation
critical
advisory
ImageMagick Multiple Vulnerabilities Leading to DoS, Code Execution, or Data Manipulation
2 rules, 1 TTP
Multiple vulnerabilities in ImageMagick could allow an attacker to perform a denial of service attack, execute arbitrary code, or manipulate data.
imagemagick
vulnerability
dos
code_execution
data_manipulation