CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

NVD•added 2026/05/15 10:16 p.m.•20 views

CVE-2026-45299

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profileimageurl field on the user profile update form accepted arbitrary data: URI values without MIME-type validation, resulting in a XSS vulnerability. This vulnerability is...

5.4CVSS0.00012EPSS

Exploits0References1

vulnersOsv•added 2026/05/14 8:15 p.m.•6 views

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-45299 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-45299 Source advisory: OSV:GHSA-6GH2-Q7CP-9QF6...

5.4CVSS5.8AI score0.00012EPSS

Exploits0

EUVD•added 2025/11/10 5:21 p.m.•1 views

EUVD-2025-45299

Malicious code in sinta-kue38-sukiwir npm...

6.6AI score

Exploits0

RedhatCVE•added 2025/05/23 10:32 a.m.•3 views

CVE-2024-45299

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, the preloaded data as json is not escaped correctly, the administrator / event admin could break their own install by inserting non correctly escaped text. The...

6.5CVSS7AI score0.00191EPSS

Exploits1

RedhatCVE•added 2025/05/22 10:48 p.m.•6 views

CVE-2022-45299

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...

9.8CVSS6.8AI score0.01304EPSS

Exploits1References1

Circl•added 2024/09/06 3:46 p.m.•1 views

CVE-2024-45299

creationtimestamp| type| source ---|---|--- 2024-09-06 15:46:00+00:00| seen| https://t.me/cvedetector/4962...

6.5CVSS4.8AI score0.00191EPSS

Exploits1References1

CVE•added 2024/09/06 1:0 p.m.•98 views

CVE-2024-45299

alf.io prior to version 2.0-M5 has an input escaping flaw in preloaded JSON data that can cause installation instability when administrators insert non-escaped text. The issue is mitigated by upgrading to version 2.0-M5, which fixes the escaping problem. The CSP blocks script execution; no exploi...

6.5CVSS6.6AI score0.00191EPSS

Exploits1References2Affected Software1

SUSE CVE•added 2023/02/15 3:22 a.m.•1 views

SUSE CVE-2022-45299

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...

9.8CVSS7AI score0.01304EPSS

Exploits1References3

vulnersOsv•added 2023/01/13 9:30 p.m.•3 views

GuiNistRs (=0.1.0), ablavema (=0.4.2) +330 more potentially affected by CVE-2022-45299 via webbrowser (>=0.1.3 <=0.8.15)

webbrowser CARGO version =0.1.3, =0.0.6, =0.0.7-alpha.3, =0.0.7-alpha.2, =0.0.7-alpha.1, =0.0.7-alpha.1, =0.1.0, =0.1.0, =1.0.9, =0.1.0, =0.1.2 - antigravity =0.0.5 and more Source cves: CVE-2022-45299 Source advisory: OSV:GHSA-M589-MV4Q-P7RJ...

9.8CVSS7.7AI score0.01304EPSS

Exploits1

OSV•added 2023/01/13 9:15 p.m.•2 views

DEBIAN-CVE-2022-45299

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...

9.8CVSS8.7AI score0.01304EPSS

Exploits1References1

CVE•added 2023/01/13 12:0 a.m.•74 views

CVE-2022-45299

CVE-2022-45299 affects rust-lang/webbrowser-rs v0.8.2. The issue in the IpFile argument allows an attacker to access arbitrary files by supplying a crafted URL. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) yields a base score of 9.8 (CRITICAL). Exploitation details are not provided i...

9.8CVSS9.2AI score0.01304EPSS

Exploits1References1Affected Software1