Missing authorization in the OpenAI thread/message API endpoints of GROWI JVNRSS Feed - Update Entry By: jvn@jvn.jp 16 March 2026 at 06:00 GROWI provided by GROWI, Inc. contains a missing authorization vulnerability in the OpenAI thread/message API endpoints.
OpenLiteSpeed and LSWS Enterprise vulnerable to OS command injection JVNRSS Feed - Update Entry By: jvn@jvn.jp 16 March 2026 at 04:00 OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability.