Summary
PraisonAI: Missing ownership check on DELETE endpoints allows members to delete others' content in Platform API
References
Related vulnerabilities
- MEDIUM GHSA-FCVX-5CXC-V5P8
  OpenClaw: Slack reaction events could ignore reaction notification settings
- MEDIUM GHSA-JR45-52CW-69H5
  NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)
- HIGH GHSA-VJQM-6GCC-62CR
  Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion
- MEDIUM GHSA-Q59X-JC9F-GFQF
  Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints
- MEDIUM GHSA-5739-39V2-5754
  PHP JWT Library: RSA1_5 (RSAES-PKCS1-v1_5) decryption lacks implicit rejection, exposing a Bleichenbacher/Marvin padding oracle
- HIGH GHSA-JC38-X7X8-2XC8
  PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks