CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

241 matches found

EUVD-2026-34036

A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...

5.3CVSS5.3AI score0.00033EPSS

Exploits0References9

NVD•added 2 days ago•7 views

CVE-2026-10661

5.3CVSS0.00033EPSS

Exploits0References8

ATTACKERKB•added 2 days ago•3 views

CVE-2026-10661

5.3CVSS5.3AI score0.00033EPSS

Exploits0References8

Cvelist•added 2 days ago•24 views

CVE-2026-10661 ahujasid blender-mcp server.py open injection

5.3CVSS0.00033EPSS

Exploits0References8

Vulnrichment•added 2 days ago•2 views

CVE-2026-10661 ahujasid blender-mcp server.py open injection

5.3CVSS5.3AI score0.00033EPSS

Exploits0References8

CVE•added 2 days ago•12 views

CVE-2026-10661

The CVE concerns ahujasid blender-mcp with a vulnerability in the Open function of src/blender_mcp/server.py. Manipulating the input_image_url parameter leads to injection, with remote exploitation possible. The affected project uses rolling releases, so specific version details are not listed; p...

5.3CVSS5.3AI score0.00033EPSS

Exploits0References8

Positive Technologies•added 2 days ago•4 views

PT-2026-45866

Name of the Vulnerable Software and Affected Versions ahujasid blender-mcp versions prior to 5b37be25242e73dc4cf1328974d30458b9e5d67e Description An injection issue exists in the Open function within the src/blender mcp/server.py file. This occurs when the input image url argument is manipulated,...

5.3CVSS5.8AI score0.00033EPSS

Exploits0References10

ATTACKERKB•added 3 days ago•4 views

CVE-2026-49328

Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...

5.8AI score0.0013EPSS

Exploits0References5

ATTACKERKB•added 2026/05/26 2:51 p.m.•4 views

CVE-2026-43936

e107 is a content management system CMS. Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4...

4.3CVSS5.8AI score0.00028EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/20 1:25 a.m.•4 views

CVE-2026-6394 Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS5.9AI score0.001EPSS

Exploits0References7

NVD•added 2026/05/15 10:16 p.m.•7 views

CVE-2026-45317

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery CSRF vulnerability was found Open-WebUl's image uploading functionality. An attacker can set an image URL to a malicious endpoint,...

4.6CVSS0.00006EPSS

Exploits1References1

NVD•added 2026/05/15 10:16 p.m.•17 views

CVE-2026-45299

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profileimageurl field on the user profile update form accepted arbitrary data: URI values without MIME-type validation, resulting in a XSS vulnerability. This vulnerability is...

5.4CVSS0.00012EPSS

Exploits0References1

EUVD•added 2026/05/15 9:44 p.m.•3 views

EUVD-2026-30661

5.4CVSS5.9AI score0.00012EPSS

Exploits0References1

Vulnrichment•added 2026/05/15 9:44 p.m.•4 views

CVE-2026-45299 Open WebUI: Stored Cross-Site Scripting In Profile Picture

5.4CVSS5.9AI score0.00012EPSS

Exploits0References1

Vulnrichment•added 2026/05/15 9:29 p.m.•4 views

CVE-2026-45317 Open WebUI: Cross-Site Request Forgery (CSRF) via Image URL Manipulation

4.6CVSS5.8AI score0.00006EPSS

Exploits1References1

Cvelist•added 2026/05/15 9:29 p.m.•29 views

CVE-2026-45317 Open WebUI: Cross-Site Request Forgery (CSRF) via Image URL Manipulation

4.6CVSS0.00006EPSS

Exploits1References1

EUVD•added 2026/05/15 9:29 p.m.•6 views

EUVD-2026-30658

4.6CVSS5.8AI score0.00006EPSS

Exploits1References1

CNNVD•added 2026/05/15 12:0 a.m.•4 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.3 contained a security vulnerability. This vulnerability stemmed from the channel webhook creation/update process accepting arbitrary profileimageurl values,...

7.4CVSS6AI score0.0001EPSS

Exploits1References2

CNNVD•added 2026/05/15 12:0 a.m.•4 views

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.0 had a cross-site scripting vulnerability. This vulnerability stemmed from the profileimageurl field in the user profile update form accepting arbitrary data: URI...

5.4CVSS5.8AI score0.00012EPSS

Exploits0References1

Github Security Blog•added 2026/05/14 8:18 p.m.•4 views

Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) via Image URL Manipulation

Summary An application-wide Cross-Site Request Forgery CSRF vulnerability was found Open-WebUl's image uploading functionality. An attacker can set an image URL to a malicious endpoint, allowing them to perform actions on behalf of a victim user. Any authenticated user can exploit this...

4.6CVSS5.8AI score0.00006EPSS

Exploits1References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by