
31 matches found

RedhatCVE
added 2026/05/18 1:58 p.m., 8 views

CVE-2026-44570

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories...

CVSS 8.3 | AI score 5.8 | EPSS 0.00045
Exploits: 1 | References: 1
vulnersOsv
added 2026/05/11 2:25 p.m., 5 views

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-44570 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-44570 Source advisory: OSV:GHSA-HMJQ-CRXP-7RJW...

CVSS 8.3 | AI score 5.8 | EPSS 0.00045
Exploits: 1
vulnersOsv
added 2026/05/11 2:25 p.m., 3 views

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-44570 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-44570 Source advisory: SNYK:PYTHON-OPENWEBUI-16691118...

CVSS 8.3 | AI score 5.8 | EPSS 0.00045
Exploits: 1
Circl
added 2026/05/05 8:34 p.m., 4 views

CVE-2026-44570

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-05 20:34:23+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-hmjq-crxp-7rjw |
| 2026-05-21 00:07:08+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mmd4spw3fu2w... |

CVSS 8.3 | AI score 5.7 | EPSS 0.00045
Exploits: 1 | References: 2
OpenVAS
added 2025/11/13 12:0 a.m., 1 view

Fedora: Security Advisory (FEDORA-2025-a35addbf9b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.6 | EPSS 0.03121
Exploits: 3 | References: 32
OpenVAS
added 2025/11/13 12:0 a.m., 2 views

Fedora: Security Advisory (FEDORA-2025-eae2126736)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.6 | EPSS 0.03121
Exploits: 3 | References: 29
Circl
added 2025/02/14 10:8 a.m., 2 views

CVE-2022-44570

| creationtimestamp | type | source |
|---|---|---|
| 2025-02-14 10:08:10+00:00 | seen | Telegram/CV1B3rZr5khK25YAobIJ1q14lZYG4ckN0CAy1N-SVmCsv3a7... |

CVSS 7.5 | AI score 7.4 | EPSS 0.03121
Exploits: 0
OpenVAS
added 2024/09/27 12:0 a.m., 31 views

Ubuntu: Security Advisory (USN-7036-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 7.4 | EPSS 0.03121
Exploits: 2 | References: 3
Tenable Nessus
added 2024/09/26 12:0 a.m., 28 views

Ubuntu 22.04 LTS : Rack vulnerabilities (USN-7036-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7036-1 advisory. It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sendin...

CVSS 10 | AI score 8 | EPSS 0.03121
Exploits: 2 | References: 11
Circl
added 2024/09/11 7:32 p.m., 1 view

CVE-2024-44570

| creationtimestamp | type | source |
|---|---|---|
| 2024-09-11 19:32:47+00:00 | seen | https://t.me/cvedetector/5400... |

CVSS 8.8 | AI score 4.8 | EPSS 0.00162
Exploits: 0 | References: 1
OpenVAS
added 2024/03/04 12:0 a.m., 23 views

openSUSE: Security Advisory for rubygem (SUSE-SU-2023:0276-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.7 | EPSS 0.03121
Exploits: 0 | References: 2
Debian
added 2023/10/22 12:35 p.m., 39 views

[SECURITY] [DSA 5530-1] ruby-rack security update

Debian Security Advisory DSA-5530-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 22, 2023 https://www.debian.org/security/faq ...

CVSS 10 | AI score 7.2 | EPSS 0.03121
Exploits: 0
Tenable Nessus
added 2023/10/22 12:0 a.m., 35 views

Debian DSA-5530-1 : ruby-rack - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5530 advisory. Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injectio...

CVSS 10 | AI score 7.4 | EPSS 0.03121
Exploits: 0 | References: 18
Hacker One
added 2023/06/04 7:6 a.m., 37 views

Internet Bug Bounty: [CVE-2022-44570] Possible Denial of Service Vulnerability in Rack’s Range header parsing

A denial of service vulnerability was discovered in the Range header parsing component of Rack. This vulnerability could be exploited by sending carefully crafted input to the Range header, causing the parsing component to consume an unexpected amount of time and potentially leading to a denial o...

CVSS 7.5 | AI score 7.1 | EPSS 0.03121
Exploits: 0
Mageia
added 2023/03/24 5:55 a.m., 117 views

Updated ruby-rack packages fix security vulnerability

A denial of service vulnerability in the Range header parsing component of Rack = 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...

CVSS 7.5 | AI score 6.8 | EPSS 0.03121
Exploits: 0 | References: 6
OSV
added 2023/03/08 7:29 a.m., 7 views

SUSE-SU-2023:0649-1 Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2022-44570: Fixed a potential denial of service when parsing a RFC2183 multipart boundary bsc1207597. - CVE-2022-44571: Fixed a potential denial of service when parsing a Range header bsc1207599...

CVSS 7.5 | AI score 7.4 | EPSS 0.03121
Exploits: 0 | References: 5
OpenVAS
added 2023/03/03 12:0 a.m., 35 views

Ubuntu: Security Advisory (USN-5910-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.7 | EPSS 0.03121
Exploits: 0 | References: 2
Ubuntu
added 2023/03/02 5:43 p.m., 70 views

USN-5910-1: Rack vulnerabilities

It was discovered that Rack did not properly structure regular expressions in some of its parsing components, which could result in uncontrolled resource consumption if an application using Rack received specially crafted input. A remote attacker could possibly use this issue to cause a denial of...

CVSS 7.5 | AI score 6.8 | EPSS 0.03121
Exploits: 0
NVD
added 2023/02/09 8:15 p.m., 18 views

CVE-2022-44570

A denial of service vulnerability in the Range header parsing component of Rack = 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...

CVSS 7.5 | AI score 8.4 | EPSS 0.03121
Exploits: 0 | References: 3
OSV
added 2023/02/09 8:15 p.m., 30 views

CVE-2022-44570

A denial of service vulnerability in the Range header parsing component of Rack = 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...

CVSS 7.5 | AI score 7.3 | EPSS 0.03121
Exploits: 0 | References: 3