Lucene search
K

4 matches found

Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-59715 Open WebUI: Unauthenticated WebSocket Access to Collaborative Document Handlers (ydoc:awareness:update, ydoc:document:leave)

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.16 before 0.10.0, the Socket.IO server is configured with alwaysconnect=True. The ydoc:awareness:update and ydoc:document:leave Socket.IO handlers accepted collaborative-document events without requirin...

3.1CVSS0.00222EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/03/31 7:54 p.m.7 views

libreoffice: LibreLogo global-event script execution

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers...

9.8CVSS6.1AI score0.78347EPSS
Exploits4References5
OSV
OSV
added 2018/06/11 9:29 p.m.2 views

CVE-2017-7821

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those...

9.8CVSS7.3AI score0.01976EPSS
Exploits3References4
OSV
OSV
added 2017/10/02 12:0 a.m.3 views

UBUNTU-CVE-2017-7821

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those...

9.8CVSS7.2AI score0.01976EPSS
Exploits3References4
Rows per page
Query Builder