EUVD-2025-209884

Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under the open source Open WebUI project. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from the POST /api/v1/evaluations/feedback endpoint, which had a batch...

Open WebUI < 0.9.5 Multiple Vulnerabilities

The version of Open WebUI running on the remote host is prior to 0.9.5. It is, therefore, affected by multiple vulnerabilities: - An insecure direct object reference IDOR vulnerability in the retrieval API allows any authenticated user who knows a private knowledge base UUID to bypass access...

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object reference vulnerabilities in the channel functionality. The...

Linux Distros Unpatched Vulnerability : CVE-2026-8503

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurel...

CVE-2025-67437

Summary: CVE-2025-67437 affects the Medical Management System (identifier: a81df1ce700a9662cb136b27af47f4cbde64156b). The vulnerability is described as insecure permissions that allow arbitrary user password resets. Technical details provided in connected sources: Insecure permissions impacting a...

CVE-2026-44700

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in...

EUVD-2026-30486

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in...

CVE-2026-44700 Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in...

CVE-2026-44700

CVE-2026-44700 affects the Elixir WebRTC project (ex_webrtc). Before versions 0.15.1 and 0.16.1, the DTLS fingerprint validation was skipped when the DTLS client acts as the active party during handshake, effectively removing one side of WebRTC’s mutual authentication. This does not by itself ena...

CVE-2026-44700

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in...

NPM: Svelte: SSR XSS via Insecure Promise Serialization in hydratable

NPM: Svelte: SSR XSS via Insecure Promise Serialization in hydratable vulnerability discovered by ? in WordPress Npm svelte versions = 5.46.0, = 5.55.6...

electerm's encrypt method not safe enough

Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files

Summary The taskcreate tool spawns durable sub-agents that inherit two insecure defaults: - allowshell defaults to true config.rs:1499: self.allowshell.unwraportrue - autoapprove defaults to true taskmanager.rs:297: autoapprove: Sometrue When a user approves a taskcreate call which requires...

GHSA-72W5-PF8H-XFP4 DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files

Summary The taskcreate tool spawns durable sub-agents that inherit two insecure defaults: - allowshell defaults to true config.rs:1499: self.allowshell.unwraportrue - autoapprove defaults to true taskmanager.rs:297: autoapprove: Sometrue When a user approves a taskcreate call which requires...

CVE-2026-8565

Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2026-36742

Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...

CVE-2026-8565

Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2026-44588 SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...

CVE-2025-62311

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...