
13322 matches found

NOZOMI
added 2026/05/19 12:0 a.m., 6 views

Angular template injection in Reports in Guardian/CMC before 26.1.0

Summary: An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. Impact: An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially...

CVSS 5.1, AI score 5.8, EPSS 0.00037
Exploits: 0, Affected Software: 2
Tenable Nessus
added 2026/05/19 12:0 a.m., 6 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cups-filters (SUSE-SU-2026:1948-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1948-1 advisory. This update for cups-filters fixes the following issues - error about PPD file during 'driverless' printe...

CVSS 9.8, AI score 7.1, EPSS 0.36802
Exploits: 14, References: 5
NVD
added 2026/05/18 6:17 p.m., 8 views

CVE-2026-45492

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network...

CVSS 5.4, EPSS 0.00139
Exploits: 0, References: 1
EUVD
added 2026/05/18 5:3 p.m., 8 views

EUVD-2026-30786

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network...

CVSS 5.4, AI score 5.8, EPSS 0.00139
Exploits: 0, References: 1
CVE
added 2026/05/18 5:3 p.m., 18 views

CVE-2026-45492

Microsoft Edge (Chromium-based) contains a security feature bypass (CVE-2026-45492) due to improper input validation. The issue is exploitable over a network by an unauthenticated attacker to bypass a security feature in Edge. Connected sources identify the affected product as Edge (Chromium-base...

CVSS 5.4, AI score 5.8, EPSS 0.00139
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/05/18 5:3 p.m., 6 views

CVE-2026-45492 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

...

CVSS 5.4, AI score 5.8, EPSS 0.00139
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/18 5:3 p.m., 5 views

CVE-2026-45492

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network...

CVSS 5.4, AI score 5.8, EPSS 0.00139
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2026/05/18 2:52 p.m., 7 views

CVE-2026-42183

A flaw was found in Argo Workflows. This flaw, a nil pointer dereference in the rbacAuthorization function, affects Single Sign-On (SSO) users. When SSO_DELEGATE_RBAC_TO_NAMESPACE is enabled, an authenticated SSO user whose claims match a namespace-level Role-Based Access Control (RBAC) rule but not an...

CVSS 6.5, AI score 5.8, EPSS 0.00051
Exploits: 1, References: 6
SUSE Linux
added 2026/05/18 7:51 a.m., 7 views

Security update for cups-filters

This update for cups-filters fixes the following issues: error about PPD file during 'driverless' printer setup (bsc#1256868); ppd pull out from driverless printer feature broken (bsc#1256977). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 9.3, AI score 7, EPSS 0.36802
Exploits: 14, References: 6
SUSE CVE
added 2026/05/16 1:14 a.m., 6 views

SUSE CVE-2026-8557

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...

CVSS 7.5, AI score 5.8, EPSS 0.00073
Exploits: 0, References: 3
NVD
added 2026/05/15 9:16 p.m., 7 views

CVE-2026-45385

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same...

CVSS 4.3, EPSS 0.00036
Exploits: 1, References: 1
CVE
added 2026/05/15 8:55 p.m., 25 views

CVE-2026-45672

Open WebUI CVE-2026-45672 affects the /api/v1/utils/code/execute endpoint, where arbitrary Python code can be executed via Jupyter for any verified user even when ENABLE_CODE_EXECUTION is false. The feature gate is not enforced at the API level, so code execution is possible despite the admin set...

CVSS 8.8, AI score 6, EPSS 0.00079
Exploits: 2, References: 1, Affected Software: 1
Cvelist
added 2026/05/15 8:55 p.m., 35 views

CVE-2026-45672 Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLE_CODE_EXECUTION=false. The feature gate is...

CVSS 8.8, EPSS 0.00079
Exploits: 2, References: 1
Vulnrichment
added 2026/05/15 8:55 p.m., 4 views

CVE-2026-45672 Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLE_CODE_EXECUTION=false. The feature gate is...

CVSS 8.8, AI score 6, EPSS 0.00079
Exploits: 2, References: 1
ATTACKERKB
added 2026/05/15 8:29 p.m., 6 views

CVE-2026-45385

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same...

CVSS 4.3, AI score 5.8, EPSS 0.00036
Exploits: 1, References: 2, Affected Software: 1
RedhatCVE
added 2026/05/15 7:57 p.m., 6 views

CVE-2026-44376

CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.php, user input is reflected without sanitization only when a search returns exactly one product...

CVSS 6.1, AI score 5.8, EPSS 0.00153
Exploits: 2, References: 1
CVE
added 2026/05/15 7:22 p.m., 11 views

CVE-2026-45331

CVE-2026-45331 concerns Open WebUI’s validate_url() in backend/open_webui/retrieval/web/utils.py, where a call to validators.ipv6(ip, private=True) raises a ValidationError due to the library not implementing the private keyword for IPv6. This causes IPv6 addresses to bypass the intended filter, ...

CVSS 8.5, AI score 5.8, EPSS 0.00013
Exploits: 1, References: 1, Affected Software: 1
Microsoft CVE
added 2026/05/15 2:0 p.m., 6 views

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network...

CVSS 5.4, AI score 5.8, EPSS 0.00139
Exploits: 0
OSV
added 2026/05/15 8:42 a.m., 5 views

BIT-GRAFANA-2026-33380 SQL Expressions Read File From Disk

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...

CVSS 6.3, AI score 6, EPSS 0.00012
Exploits: 0, References: 2
Positive Technologies
added 2026/05/15 12:0 a.m., 6 views

PT-2026-41710

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based), affected versions not specified. Description: Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. This issue is related to an origi...

CVSS 5.4, AI score 5.5, EPSS 0.00139
Exploits: 0, References: 9