33 matches found
CVE-2026-3958
A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack can be carried out remotely. The...
CVE-2026-3958 Woahai321 ListSync JSON api_server.py requests.post server-side request forgery
A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack can be carried out remotely. The...
CVE-2026-3958
Woahai321 ListSync ≤0.6.6 is affected. The vulnerability is in the function requests.post of list-sync-main/api_server.py (JSON Handler) and allows server-side request forgery. It can be exploited remotely; an exploit has been disclosed publicly. Attackers may use the vulnerable server to make un...
CVE-2023-50477
An issue was discovered in nos client version 0.6.6 that allows remote attackers to escalate privileges via getRPCEndpoint.js...
Linux Distros Unpatched Vulnerability : CVE-2013-4492
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via...
CVE-2025-46719
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain HTML tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...
CVE-2025-46719 Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain HTML tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...
Open WebUI Cross-Site Scripting Vulnerability
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI open-sourced by Open WebUI. A cross-site scripting vulnerability exists in versions of Open WebUI prior to 0.6.6 that stems from improper rendering of HTML tags in chat messages, which could lead to cross-site scripting...
OpenH264 Decoding Functions Heap Overflow Vulnerability
OpenH264 recently reported a heap overflow that was fixed in upstream 63db555 and integrated into our 0.6.6 release. For users relying on Cisco's pre-compiled DLL, we also published 0.8.0, which is compatible with their latest fixed DLL version 2.6.0. In other words: - if you rely on our source...
@0xgg/echomd (>=1.0.0 <=1.0.4), @5lions/library-registry-admin (=0.0.0) +1337 more potentially affected by CVE-2024-45801 via dompurify (>=0.6.6 <=2.5.0)
dompurify NPM version =0.6.6, =1.0.0, =0.2.0-beta.9, =0.2.0-beta.13, =3.0.0, =2.2.0, =6.4.3, =0.0.2, =1.0.1, =0.6.0, =0.3.0, =0.1.0, =0.1.0-a0, =1.1.0 and more Source cves: CVE-2024-45801 Source advisory: OSV:GHSA-MMHX-HMJR-R674...
0lever-utils (>=0.0.2 <=0.0.7), accuhit-db (=0.9.1) +485 more potentially affected by CVE-2024-36039 via pymysql (>=0.6.6 <=1.1.0)
pymysql PYPI version =0.6.6, =0.0.2, =2.0.0, =0.1.0, =1.1.4, =0.5.0, =1.0.0a1, =3.0.0, =0.1.0, =4.2.1 and more Source cves: CVE-2024-36039 Source advisory: OSV:GHSA-V9HF-5J83-6XPP...
PT-2023-31576 · Unknown · Nos Client
Name of the Vulnerable Software and Affected Versions: nos client version 0.6.6 Description: An issue was discovered in the nos client, allowing remote attackers to escalate privileges via the getRPCEndpoint.js file. Recommendations: For nos client version 0.6.6, consider disabling the...
SUSE CVE-2015-3886
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors...
[SECURITY] Fedora 37 Update: libopenmpt-0.6.6-1.fc37
libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code...
[SECURITY] Fedora 35 Update: rust-ron0.6-0.6.6-1.fc35
Rusty Object Notation...
[SECURITY] Fedora 34 Update: rust-ron0.6-0.6.6-1.fc34
Rusty Object Notation...
UBUNTU-CVE-2021-3746
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerabili...
Calibre-Web Authorization Issues Vulnerability
Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database. An authorization issue vulnerability exists in Calibre-Web version 0.6.6, which stems from the program's use of a hard-coded secret key that can be exploited by an attacker to bypass...