Lucene search
K

9860 matches found

Microsoft Security Update
Microsoft Security Update
added 2026/05/12 5:0 p.m.33 views

2026-05 .NET 10.0.8 Security Update for ARM64 Client (KB5093446)

2026-05 .NET 10.0.8 Security Update for ARM64 Client KB5093446...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/05/12 5:0 p.m.33 views

2026-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5087538)

2026-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems KB5087538...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/05/12 5:0 p.m.29 views

2026-05 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5087538)

2026-05 Cumulative Update for Windows 10 Version 1809 for x86-based Systems KB5087538...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/05/12 5:0 p.m.12 views

2026-05 .NET 9.0.16 Security Update for x64 Client (KB5093448)

2026-05 .NET 9.0.16 Security Update for x64 Client KB5093448...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/05/12 5:0 p.m.74 views

2026-05 .NET 9.0.16 Security Update for x86 Client (KB5093448)

2026-05 .NET 9.0.16 Security Update for x86 Client KB5093448...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/05/12 5:0 p.m.22 views

2026-05 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5087544)

2026-05 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems KB5087544...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/05/12 5:0 p.m.180 views

2026-05 .NET 8.0.27 Security Update for x64 Client (KB5093447)

2026-05 .NET 8.0.27 Security Update for x64 Client KB5093447...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/05/12 5:0 p.m.23 views

2026-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 (KB5087065)

2026-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 KB5087065...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/05/12 5:0 p.m.25 views

2026-05 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 (KB5088860)

2026-05 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 KB5088860...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/05/12 5:0 p.m.18 views

2026-05 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 (KB5088863)

2026-05 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 KB5088863...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.8 views

When LLMs Team Up: A Coordinated Attack Framework for Automated Cyber Intrusions

Automated intrusion-style workflows require LLM agents to reason over partial observations, tool outputs, and executable artifacts under bounded budgets. A single LLM instance often compresses evidence extraction, planning, execution, and validation into one context, which increases the risk of...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Langflow 路径遍历漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow prior to 1.9.0 contained a path traversal vulnerability. This vulnerability stemmed from the path traversal in the knowledge base API, which could allow...

9.6CVSS5.8AI score0.04417EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/08 7:51 p.m.12 views

Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite

Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite Affected Component Retrieval web/YouTube processing endpoints: - backend/openwebui/routers/retrieval.py lines 1810-1837, processweb - backend/openwebui/routers/retrieval.py the parallel processyoutube endpoint -...

8.1CVSS5.8AI score0.00295EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/05/08 7:51 p.m.8 views

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the processweb and processyoutube endpoints when the overwrite parameter is set to true and the collectionname is attacker-controlled. An attacker can overwrite or delete another user...

8.1CVSS5.8AI score0.00295EPSS
Exploits1References2
OSV
OSV
added 2026/05/08 7:51 p.m.8 views

GHSA-7R82-QHG4-6WVJ Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite

Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite Affected Component Retrieval web/YouTube processing endpoints: - backend/openwebui/routers/retrieval.py lines 1810-1837, processweb - backend/openwebui/routers/retrieval.py the parallel processyoutube endpoint -...

8.1CVSS5.8AI score0.00295EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.12 views

PT-2026-39277

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The get sources from items function resolves file and knowledge base references into vector search queries during chat completion. Certain code paths perform vector store queries without...

6.5CVSS5.8AI score0.00366EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-39274

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The validate collection access function employs an incomplete allowlist that only verifies ownership for collections starting with user-memory- and file-. Other collection names, such as the...

4.3CVSS5.8AI score0.00221EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-39271

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The 'POST /api/v1/retrieval/process/web' endpoint accepts a user-supplied collection name and an overwrite query parameter, which defaults to True. The system fails to perform authorization checks...

8.1CVSS5.8AI score0.00295EPSS
Exploits1References6
Patchstack
Patchstack
added 2026/05/01 9:31 a.m.6 views

WordPress Knowledge Base documentation & wiki plugin – BasePress Docs plugin <= 2.16.3.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Knowledge Base documentation & wiki plugin – BasePress versions = 2.16.3.3...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/29 4:16 p.m.6 views

CVE-2026-40230

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0...

5.4CVSS0.00178EPSS
Exploits1References2
Rows per page
Query Builder