9860 matches found
2026-05 .NET 10.0.8 Security Update for ARM64 Client (KB5093446)
2026-05 .NET 10.0.8 Security Update for ARM64 Client KB5093446...
2026-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5087538)
2026-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems KB5087538...
2026-05 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5087538)
2026-05 Cumulative Update for Windows 10 Version 1809 for x86-based Systems KB5087538...
2026-05 .NET 9.0.16 Security Update for x64 Client (KB5093448)
2026-05 .NET 9.0.16 Security Update for x64 Client KB5093448...
2026-05 .NET 9.0.16 Security Update for x86 Client (KB5093448)
2026-05 .NET 9.0.16 Security Update for x86 Client KB5093448...
2026-05 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5087544)
2026-05 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems KB5087544...
2026-05 .NET 8.0.27 Security Update for x64 Client (KB5093447)
2026-05 .NET 8.0.27 Security Update for x64 Client KB5093447...
2026-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 (KB5087065)
2026-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 KB5087065...
2026-05 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 (KB5088860)
2026-05 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 KB5088860...
2026-05 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 (KB5088863)
2026-05 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 KB5088863...
When LLMs Team Up: A Coordinated Attack Framework for Automated Cyber Intrusions
Automated intrusion-style workflows require LLM agents to reason over partial observations, tool outputs, and executable artifacts under bounded budgets. A single LLM instance often compresses evidence extraction, planning, execution, and validation into one context, which increases the risk of...
Langflow Path Traversal Vulnerability
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow prior to 1.9.0 contained a path traversal vulnerability. This vulnerability stemmed from the path traversal in the knowledge base API, which could allow...
Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite
Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite Affected Component Retrieval web/YouTube processing endpoints: - backend/openwebui/routers/retrieval.py lines 1810-1837, processweb - backend/openwebui/routers/retrieval.py the parallel processyoutube endpoint -...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the processweb and processyoutube endpoints when the overwrite parameter is set to true and the collectionname is attacker-controlled. An attacker can overwrite or delete another user...
GHSA-7R82-QHG4-6WVJ Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite
Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite Affected Component Retrieval web/YouTube processing endpoints: - backend/openwebui/routers/retrieval.py lines 1810-1837, processweb - backend/openwebui/routers/retrieval.py the parallel processyoutube endpoint -...
PT-2026-39277
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The get sources from items function resolves file and knowledge base references into vector search queries during chat completion. Certain code paths perform vector store queries without...
PT-2026-39274
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The validate collection access function employs an incomplete allowlist that only verifies ownership for collections starting with user-memory- and file-. Other collection names, such as the...
PT-2026-39271
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The 'POST /api/v1/retrieval/process/web' endpoint accepts a user-supplied collection name and an overwrite query parameter, which defaults to True. The system fails to perform authorization checks...
WordPress Knowledge Base documentation & wiki plugin – BasePress Docs plugin <= 2.16.3.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Knowledge Base documentation & wiki plugin – BasePress versions <= 2.16.3.3...
CVE-2026-40230
Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc. This issue affects helpy: 2.8.0...