CVE-2025-32946

MEDIUM Year: 2025
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-282
View all →

Vulnerability Description

This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request, without checking if it belongs to the user.

Related Vulnerabilities

CVE-2020-10632

MEDIUM
CVSS:5.3(Medium)

Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an un...

CWE-2822020

CVE-2024-13246

MEDIUM
CVSS:5.3(Medium)

Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2.

CWE-2822024

CVE-2024-13249

MEDIUM
CVSS:5.4(Medium)

Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1....

CWE-2822024

CVE-2024-43176

MEDIUM
CVSS:5.4(Medium)

IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.

CWE-2822024

CVE-2023-0989

MEDIUM
CVSS:5.7(Medium)

An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected C...

CWE-2822023

CVE-2024-45103

MEDIUM
CVSS:4.3(Medium)

A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.

CWE-2822024