121 matches found
openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-0766 via open-webui (=0.6.0)
open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted:
- openwebui-token-tracking =0.1.7
Source cves: CVE-2026-0766
Source advisory: SNYK:PYTHON-OPENWEBUI-15091593...
CVE-2026-0766
Open WebUI loadtoolmodulebyid Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2022-0766
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17...
CVE-2026-0766
creationtimestamp | type | source
---|---|---
2026-01-09 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-26-032/
2026-01-23 06:40:18+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3md33r42wu32h
2026-01-23 08:51:48+00:00 | seen | ...
CVE-2014-0766
creationtimestamp | type | source
---|---|---
2025-09-19 19:48:34+00:00 | seen | Telegram/aOCBEdj6iI-k6dOcddVboDrYP4jZgGox145O7FBShuVNgyY...
CVE-2011-0766
creationtimestamp | type | source
---|---|---
2025-04-19 06:59:22+00:00 | seen | https://bsky.app/profile/jj1bdx.tokyo/post/3ln5kqdnrfk2x...
Linux Distros Unpatched Vulnerability : CVE-2013-0766
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1,...
CVE-2023-0766
creationtimestamp | type | source
---|---|---
2025-01-10 21:03:46+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/1223...
K000148250: PostgreSQL vulnerabilities CVE-2016-0766, CVE-2015-3167, CVE-2015-0243, CVE-2015-0242, and CVE-2015-0241
Security Advisory Description
CVE-2016-0766
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via...
CVE-2024-0766 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Missing Authorization via templates_ajax_request
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to...
WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.4 is vulnerable to Broken Access Control
Software: Envo's Elementor Templates & Widgets for WooCommerce
Type: Plugin
Vulnerable versions: <= 1.4.4
Fixed in: 1.4.5
OWASP Top 10: A5: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2024-0766
Patch priority: Low
CVSS severity: Low (4.3)
PSID: 22e97da9a3f1...
WordPress Newsletter Popup Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Newsletter Popup
Type: Plugin
Vulnerable versions: <= 1.2
Fixed in: N/A
OWASP Top 10: A5: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2023-0766
Patch priority: Low
CVSS severity: Low (5.4)
PSID: 5cf141768871
Credits: Lana Codes
Required...
CVE-2021-0766
CVE-2021-0766 is listed in the Android 12 security release notes under the System component with type Elevation of Privilege (EoP) and High severity. The provided documents do not include the exact root cause, affected subcomponents, vulnerable versions, or remediation details beyond the general ...
Server-Side Request Forgery (SSRF)
Description
The fixes for CVE-2022-0767 & CVE-2022-0766 only address loopback/localhost IP addresses. This is an issue, as other internal endpoints may be accessible to an attacker; one of the most popular examples is 169.254.169.254, which is the AWS metadata address.
Proof of Concept
The same as...
CVE-2022-0766 Server-Side Request Forgery (SSRF) in janeczku/calibre-web
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17...
CVE-2022-0766
CVE-2022-0766 describes a Server-Side Request Forgery (SSRF) in the GitHub repository janeczku/calibre-web prior to version 0.6.17. The vulnerability arises from an incomplete fix for a prior issue, allowing an attacker to induce the vulnerable service to make requests to internal or external res...
Advisory ROSA-SA-2021-1829
Software: erlang R16B
OS: Cobalt 7.9
CVE-ID: CVE-2011-0766
CVE-Crit: MEDIUM
CVE-DESC: The random number generator in the Crypto application before 2.0.2.2.2 and SSH before 2.0.5, which was used in the Erlang / OTP ssh library before R14B03, uses predictable starting numbers based on the current...
SUSE: Security Advisory (SUSE-SU-2016:0677-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...