Lucene search
K

251 matches found

NVD
NVD
added 5 days ago6 views

CVE-2026-59214

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue...

9CVSS0.00285EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-59214

Open WebUI (self-hosted AI platform) is affected by a vulnerability described as a stored web worker XSS via Pyodide. Prior to version 0.10.0, the platform runs client-side Python with Pyodide inside a same-origin web worker, which could allow stored chat payloads using pyodide.http.pyfetch or th...

9CVSS6.1AI score0.00285EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42616

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue...

7.3CVSS6.1AI score0.00285EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59214

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue...

7.3CVSS6.1AI score0.00285EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-59214 Open WebUI: Stored web worker XSS via Pyodide

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue...

7.3CVSS0.00285EPSS
Exploits0References1
NVD
NVD
added 5 days ago8 views

CVE-2026-57111

Permissive Cross-Origin Resource Sharing CORS in the REST API helix-rest, org.apache.helix.rest.server.filters.CORSFilter in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin...

7.5CVSS0.00269EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42529

Permissive Cross-Origin Resource Sharing CORS in the REST API helix-rest, org.apache.helix.rest.server.filters.CORSFilter in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin...

7.5CVSS6AI score0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-57111

Permissive Cross-Origin Resource Sharing CORS in the REST API helix-rest, org.apache.helix.rest.server.filters.CORSFilter in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin...

7.5CVSS6AI score0.00269EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-57111 Apache Helix REST: Permissive CORS Configuration in REST API Allows Unrestricted Cross-Origin

Permissive Cross-Origin Resource Sharing CORS in the REST API helix-rest, org.apache.helix.rest.server.filters.CORSFilter in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin...

0.00269EPSS
Exploits0References1
Veracode
Veracode
added 2026/07/07 9:30 a.m.8 views

Improper Access Control

Cilium is vulnerable to improper access control. The vulnerability is due to the creation of a world-accessible Envoy admin socket when L7 functionality is enabled, which allows a local attacker to access Envoy administrative endpoints, potentially exposing sensitive information such as TLS...

5.9AI score0.00017EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/07/06 11:16 p.m.8 views

CVE-2026-53640

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission checks. While sibling write endpoints correctly enforce fine-grained permissions, the corresponding...

2.3CVSS0.00226EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 7:16 p.m.7 views

CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

7.5CVSS0.00271EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/07/06 6:0 p.m.33 views

CVE-2026-13753 CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

0.00271EPSS
Exploits1References1
CVE
CVE
added 2026/07/06 6:0 p.m.48 views

CVE-2026-13753

HP Deskjet 2800 Series printers (firmware

7.5CVSS6AI score0.00271EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:0 p.m.6 views

CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

7.5CVSS6AI score0.00271EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/07/06 6:0 p.m.15 views

CVE-2026-13753 CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

6AI score0.00271EPSS
Exploits1References1
OSV
OSV
added 2026/07/06 5:3 p.m.4 views

GHSA-3FCV-JVFP-M4Q9 Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access

Impact When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive...

9.2CVSS5.9AI score0.00017EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-56051

Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.1 Cilium versions 1.18.0 through 1.18.7 Cilium versions prior to 1.17.14 Description When L7 functionality is enabled, the Envoy instance creates a world-accessible socket on cluster nodes. A local attacker...

9.2CVSS5.9AI score0.00017EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55961

Name of the Vulnerable Software and Affected Versions HP Deskjet 2800 Series Printers versions prior to TBP1CN2612AR Description A missing authorization flaw exists in the embedded webserver. An unauthenticated attacker with network access can bypass administrative controls by sending GET request...

7.5CVSS6AI score0.00271EPSS
Exploits1References8
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40428

Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenticated users with build permissions to bypass upload restrictions. Attackers can append traversal sequences to the upload path, which are normalized by the WHATWG URL parser, enabling acce...

8.7CVSS5.8AI score0.00451EPSS
Exploits0References3
Rows per page
Query Builder