
21 matches found

RedhatCVE
added 2026/03/28 4:56 a.m., 2 views

CVE-2026-28786

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

CVSS 4.3, AI score 5.9, EPSS 0.00037
Exploits: 1, References: 1
OSV
added 2026/03/27 3:29 p.m., 1 views

GHSA-VVXM-VXMR-624H Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Summary An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...

CVSS 4.3, AI score 6, EPSS 0.00037
Exploits: 1, References: 4
Github Security Blog
added 2026/03/27 3:29 p.m., 5 views

Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Summary An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...

CVSS 4.3, AI score 6, EPSS 0.00037
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/03/26 11:37 p.m., 1 views

CVE-2026-28786 Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

CVSS 4.3, AI score 5.9, EPSS 0.00037
Exploits: 1, References: 3
SUSE Linux
added 2025/09/05 12:55 p.m., 3 views

Security update for cloud-init

This update for cloud-init fixes the following issues: Update to version 25.1.3: CVE-2024-6174: Unprivileged user could trigger hotplug-hook commands bsc1245403. Non-security fixes: Rebase cloud-init to 24.4 or higher bsc1239715, jscPED-8680. Fixed cloud-init --debug status bsc1228414. Using...

CVSS 8.8, AI score 7, EPSS 0.0013
Exploits: 0, References: 26
SUSE CVE
added 2025/03/25 4:39 a.m., 0 views

SUSE CVE-2025-30474

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception messag...

CVSS 7.5, AI score 7.7, EPSS 0.00109
Exploits: 0, References: 5
Citrix
added 2024/07/13 12:0 a.m., 4 views

Error “The system cannot find the specified file. Error number 0xE0000002” Occurs When Merging vDisk Versions Fails

Merging vDisk versions fails and displays the following error: "The system cannot find the specified file. Error number 0xE0000002." Running mcli run mergedisk –p disklocatorid base=1 displays success on execution, however merged disk does not come up on console or store. Management Daemon logs...

AI score 7.2
Exploits: 0
Citrix
added 2023/08/23 12:0 a.m., 6 views

"Failed to convert Boot Configuration Data. The system cannot find the file specified. (0x00000002)"

Attempting to run P2pvs and get error "Failed to convert Boot Configuration Data. The system cannot find the file specified. 0x00000002" Followed https://support.citrix.com/article/CTX202159 and still same issue...

AI score 7.1
Exploits: 0
Citrix
added 2023/08/20 12:0 a.m., 5 views

Azure VDAs are shown as "power state: unknown" in Studio

Power state in Studio toggles between "unknown" and "on" or "off" for VMs hosted in Azure. You may find the below entries in the hosting connection test or in the CDF traces Error: Invalid connection settings. System.IO.FileNotFoundException: Could not load file or assembly 'System.Net.Http,...

AI score 7.2
Exploits: 0
OSV
added 2023/06/21 11:19 a.m., 8 views

SUSE-RU-2023:2566-1 Security update for SUSE Manager Server 4.3

This update fixes the following issues: branch-network-formula: - Update to version 0.1.1680167239.23f2fec Remove unnecessary import of 'salt.ext.six' cobbler: - Fix cobbler buildiso so that the artifact can be booted by EFI firmware. bsc1206060 - Switch packaging from patch based to Git tree bas...

CVSS 9.4, AI score 7.2, EPSS 0.00053
Exploits: 0, References: 59
OSV
added 2023/05/31 5:15 a.m., 0 views

CVE-2023-26131

All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper user input sanitization. Exploiting this vulnerability is possibl...

CVSS 6.1, AI score 6.4
Exploits: 0, References: 5
Positive Technologies
added 2023/05/31 12:0 a.m., 3 views

PT-2023-20510 · Unknown · Github.Com/Xyproto/Algernon/Themes +1

Name of the Vulnerable Software and Affected Versions: github.com/xyproto/algernon/engine affected versions not specified github.com/xyproto/algernon/themes affected versions not specified Description: The issue is related to Cross-site Scripting XSS due to improper user input sanitization in the...

CVSS 6.1, AI score 5.9, EPSS 0.00264
Exploits: 1, References: 12
Snyk
added 2023/02/07 11:55 a.m., 1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper user input sanitization. Exploiting this vulnerability is possible when a file/resource is not found. PoC bash go install...

CVSS 6.1, AI score 5.3, EPSS 0.00264
Exploits: 1, References: 2
Citrix
added 2022/08/10 12:0 a.m., 38 views

Workspace error 2306 happen when ICA file located in path which contains Chinese characters

Workspace error 2306 happens when ICA file located in path which contains Chinese character. Error message "Could not find the file named "C:??\.ica. Please check your installation, or contact your administrator."...

AI score 7.1
Exploits: 0
AlmaLinux
added 2022/02/01 8:3 p.m., 18 views

resource-agents bug fix and enhancement update

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Bug Fixes and Enhancements: gcp-vpc-move-vip, gcp-vpc-move-route, gcp-pd-move: A failed...

AI score 2.1
Exploits: 0
Hacker One
added 2020/10/26 9:42 p.m., 66 views

curl: Parallel upload hangs curl if upload file not found

Attempting to upload -T a not found file with parallel -Z flag present, will cause curl to get stuck and never terminate, potentially stalling scripts that make use of this particular flags. curl -T blabla-notexists -Z upload.example.com www.google.com www.cnn.com www.apple.com Same issue occurs ...

AI score 7
Exploits: 0
Citrix
added 2018/06/01 12:0 a.m., 6 views

Error: "404 - File or directory not found" when launching new stores created on StoreFront

New stores created on StoreFront are showing error: "404 - File or directory not found" at launch. Old stores can be launched properly...

AI score 7.2
Exploits: 0
Citrix
added 2017/12/01 12:0 a.m., 4 views

XenMobile: 500 Server Internal Error when uploading Android APK File to XMS

When trying to upload an APK app to the XMS console using Internet Explorer 11, we are getting a 500 Server Internal Error Looking into the error logs. The previous version x.x.x.0 works fine however upgrading the version gives - 500 Server Internal Error...

AI score 7.2
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 29 views

Microsoft IIS 5.0 CodeBrws.ASP Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4525/info Microsoft IIS 5.0 ships with a sample script that may be used to view the source code of other scripts in the sample scripts /IISSAMPLES directory. However, this script CodeBrws.asp does not adequately filter...

AI score 7.1
Exploits: 0
OpenVAS
added 2010/03/02 12:0 a.m., 10 views

Mandriva Update for aria2 MDVA-2010:077 (aria2)

Check for the Version of aria2 OpenVAS Vulnerability Test Mandriva Update for aria2 MDVA-2010:077 aria2 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

AI score 0.3
Exploits: 0, References: 2