Onyx

4 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.06%
  • Published 22.07.2025 00:00:00
  • Last modified 09.10.2025 16:10:38

Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing inten...

Exploit
  • EPSS 0.04%
  • Published 20.07.2025 14:02:07
  • Last modified 17.09.2025 14:41:38

A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generate_simple_sql of the file backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py of the component Chat I...

Exploit
  • EPSS 0.07%
  • Published 20.03.2025 10:11:20
  • Last modified 15.10.2025 13:15:52

An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. This vulnerability allows the first user created in the system to view, modify, and delete chats created by an Admin. This can lead to unauthorized access to sensi...

Exploit
  • EPSS 0.06%
  • Published 20.03.2025 10:11:08
  • Last modified 03.04.2025 18:10:11

In danswer-ai/danswer v0.3.94, administrators can set the visibility of pages within a workspace, including the search page. When the search page is set to be invisible, regular users cannot view the search page or access its functionalities from the...