GHSA-VVXM-VXMR-624H Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Summary An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...

SUSE CVE-2025-30474

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception messag...

Azure VDAs are shown as "power state: unknown" in Studio

Power state in Studio toggles between "unknown" and "on" or "off" for VMs hosted in Azure. You may find the below entries in the hosting connection test or in the CDF traces Error: Invalid connection settings. System.IO.FileNotFoundException: Could not load file or assembly 'System.Net.Http,...