Lucene search
K

331 matches found

Github Security Blog
Github Security Blog
added 2026/03/27 3:29 p.m.9 views

Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Summary An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...

4.3CVSS6AI score0.00427EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/03/27 12:16 a.m.3 views

CVE-2026-28786

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

4.3CVSS0.00427EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/26 11:37 p.m.32 views

CVE-2026-28786 Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

4.3CVSS0.00427EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 11:37 p.m.5 views

CVE-2026-28786 Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

4.3CVSS5.9AI score0.00427EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 11:37 p.m.1 views

CVE-2026-28786

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

4.3CVSS5.8AI score0.00427EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/26 11:37 p.m.15 views

CVE-2026-28786

Open WebUI is a self-hosted offline AI platform. CVE-2026-28786 affects versions prior to 0.8.6, where an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError. The error message can include the server’s abso...

4.3CVSS5.8AI score0.00427EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 11:37 p.m.3 views

CVE-2026-28786 Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

4.3CVSS5.9AI score0.00427EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.5 views

EulerOS 2.0 SP13 : python-virtualenv (EulerOS-SA-2026-1260)

According to the versions of the python-virtualenv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use...

4.5CVSS5.8AI score0.00085EPSS
Exploits0References2
OSV
OSV
added 2026/02/20 11:19 p.m.6 views

CVE-2026-27161 Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...

8.7CVSS5.6AI score0.00412EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/20 11:19 p.m.27 views

CVE-2026-27161 Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...

8.7CVSS0.00412EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/02/04 6:18 p.m.180 views

Exploit for Deserialization of Untrusted Data in Bentoml

CVE-2025-27520 — Безопасная учебная симуляция / PoC Demo Stan...

9.8CVSS8.5AI score0.3592EPSS
Exploits5
NVD
NVD
added 2026/02/04 2:16 p.m.6 views

CVE-2025-14740

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...

6.7CVSS0.00196EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/01 6:27 a.m.2 views

Directory Traversal

Overview argus-overview is a Professional multi-boxing tool for EVE Online Linux & Windows Affected versions of this package are vulnerable to Directory Traversal via the charactermanager.py file handling logic. An attacker can perform path traversal by supplying character names containing...

8.7CVSS6.5AI score
Exploits0References3
OSV
OSV
added 2026/01/13 6:45 p.m.4 views

GHSA-597G-3PHW-6986 virtualenv Has TOCTOU Vulnerabilities in Directory Creation

Impact TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's appdat...

4.5CVSS6.4AI score0.00085EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/27 12:5 a.m.22 views

CVE-2025-65885

An issue was discovered in the Delight Custom Firmware CFW for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...

5.1CVSS6.7AI score0.00119EPSS
Exploits0References1
NVD
NVD
added 2025/12/26 3:15 p.m.7 views

CVE-2025-65885

An issue was discovered in the Delight Custom Firmware CFW for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...

5.1CVSS0.00119EPSS
Exploits0References2
OSV
OSV
added 2025/12/26 3:15 p.m.7 views

CVE-2025-65885

An issue was discovered in the Delight Custom Firmware CFW for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...

5.1CVSS5.8AI score0.00119EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/26 12:0 a.m.4 views

CVE-2025-65885

An issue was discovered in the Delight Custom Firmware CFW for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...

6.3AI score0.00119EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/26 12:0 a.m.4 views

EUVD-2025-205437

An issue was discovered in the Delight Custom Firmware CFW for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...

5.1CVSS6.2AI score0.00119EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.5 views

PT-2025-53590

Name of the Vulnerable Software and Affected Versions Delight Custom Firmware versions 1.0 through 1.8 Description A flaw exists in Delight Custom Firmware for Nokia Symbian Belle devices that allows local attackers to inject startup scripts. This is achieved by placing crafted .txt files into th...

5.1CVSS6.3AI score0.00119EPSS
Exploits0References8
Rows per page
Query Builder