CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/03/27 12:0 a.m.•3 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained a security vulnerability. This vulnerability stemmed from the lack of ownership checks for the/api/v1/retrieval/process/files/batch endpoint, which cou...

CNNVD•added 2026/03/27 12:0 a.m.•4 views

NEC Platforms Aterm Series 安全漏洞

The NEC Platforms Aterm Series is a series of wireless router and network device products developed by the Japanese company NEC. The NEC Platforms Aterm Series contains security vulnerabilities, particularly related to path traversal, which may allow attackers to overwrite arbitrary files...

9.8CVSS5.9AI score0.00092EPSS

CVE•added 2026/03/26 11:38 p.m.•4 views

CVE-2026-28788

Open WebUI vulnerability CVE-2026-28788 affects the self-hosted Open WebUI AI platform. Before version 0.8.6, an authenticated user can overwrite any file’s content by ID via POST /api/v1/retrieval/process/files/batch. The endpoint performs no ownership check, enabling a user with read access to ...

7.1CVSS5.8AI score0.00019EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/03/26 11:38 p.m.•0 views

CVE-2026-28788 Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

OSV•added 2026/03/26 11:38 p.m.•0 views

CVE-2026-28788 Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

ATTACKERKB•added 2026/03/26 11:38 p.m.•1 views

Exploits1References3

CVE-2026-28788

7.1CVSS5.8AI score0.00019EPSS

Exploits1References2Affected Software1

EUVD•added 2026/03/26 9:31 p.m.•3 views

EUVD-2026-16326

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

5.9CVSS5.9AI score0.54213EPSS

Exploits9References3

Cvelist•added 2026/03/26 8:6 p.m.•23 views

CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers

5CVSS0.00011EPSS

Exploits8References5

RedhatCVE•added 2026/03/26 3:10 p.m.•1 views

CVE-2026-32054

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...

7.8CVSS5.9AI score0.00016EPSS

RedhatCVE•added 2026/03/26 3:7 p.m.•2 views

CVE-2026-31990

OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exploit this by placing symlinks in the...

7.1CVSS5.9AI score0.00038EPSS

RedhatCVE•added 2026/03/26 3:2 p.m.•1 views

CVE-2026-32013

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

8.8CVSS6.4AI score0.00049EPSS

RedhatCVE•added 2026/03/26 3:0 p.m.•1 views

CVE-2026-33330

FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save...

7.1CVSS5.7AI score0.00014EPSS

Positive Technologies•added 2026/03/26 12:0 a.m.•1 views

PT-2026-28382

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.6 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the...

EUVD•added 2026/03/24 12:30 a.m.•4 views

Exploits1References6

EUVD-2026-14585

OpenClaw before 2026.3.2 contains a symlink traversal vulnerability in stageSandboxMedia that allows attackers to overwrite files outside the sandbox workspace. Attackers can exploit unvalidated destination paths in media/inbound writes to follow symlinks and overwrite host files beyond intended...

6.9CVSS5.8AI score

Exploits0References4

SUSE CVE•added 2026/03/24 12:24 a.m.•7 views

SUSE CVE-2026-33236

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...

8.1CVSS6AI score0.00022EPSS

Exploits1References3

CNVD•added 2026/03/24 12:0 a.m.•0 views

OpenClaw backlink vulnerability (CNVD-2026-14861)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability that can be exploited by an attacker to read and write files outside the agent's workspace, which in turn can be used to execute code via a file overwrite attack...

8.8CVSS6AI score0.00049EPSS