Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

SUSE CVE
SUSE CVEadded 2026/05/16 6:2 p.m.6 views

SUSE CVE-2026-44774

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider...

9.9CVSS5.8AI score0.00016EPSS
Exploits1References3
EUVD
EUVDadded 2026/05/15 8:34 p.m.3 views

EUVD-2026-30629

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on...

5.3CVSS5.8AI score0.00039EPSS
Exploits1References1
CVE
CVEadded 2026/05/15 8:34 p.m.19 views

CVE-2026-45397

Open WebUI (self-hosted offline AI platform) is affected by CVE-2026-45397. The vulnerability is an information disclosure in the retrieval endpoint: GET /api/v1/retrieval/ can return live RAG configuration to unauthenticated clients. Affected component is backend/open_webui/routers/retrieval.py ...

5.3CVSS5.8AI score0.00039EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/15 4:30 p.m.4 views

CVE-2026-44774

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider...

6.4CVSS5.8AI score0.00016EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/13 12:0 a.m.5 views

PT-2026-40716

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.46 Traefik versions prior to 3.6.17 Traefik versions prior to 3.7.1 Description Traefik's Kubernetes Gateway API provider contains an authorization bypass that allows a tenant with HTTPRoute creation permissions ...

9.9CVSS5.8AI score0.00016EPSS
Exploits1References12
Positive Technologies
Positive Technologiesadded 2026/05/05 12:0 a.m.4 views

PT-2026-37283

Name of the Vulnerable Software and Affected Versions Network-AI versions prior to 5.1.3 Description The MCP HTTP transport accepts JSON-RPC tools/call requests without requiring authentication, sessions, origins, or token checks, dispatching them directly to the orchestrator's tool registry...

8.7CVSS5.8AI score0.00019EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2014/11/18 6:8 p.m.1 views

libvirt: qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index

An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune function looked up the disk index in a non-persistent live disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could us...

5.8CVSS7.3AI score0.02862EPSS
Exploits0References4
Rows per page
Query Builder