CVE-2026-44570 Open WebUI: Inconsistent authorization controls within memories API

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories...

CVE-2026-44570

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories...

EUVD-2026-30642

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories...

Advisory ROSA-SA-2026-3167

Software: jackson-databind 2.10.0 OS: ROSA Virtualization 3.0 unaffected versions = jackson-databind-2.10.0-1.0.2.rv30 affected versions jackson-databind-2.10.0-1.0.2.rv30 CVE-ID: CVE-2020-25649 BDU-ID: 2022-05602 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DOMDeserializer component of the...

PT-2024-3578

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server affected versions not specified Description The issue is related to the restoration of untrusted data in memory, which can be exploited by a remote attacker to execute arbitrary code using specially crafted data. Th...

The vulnerability of the Artica Proxy proxy server management system, related to the restoration of unreliable data in memory, allows a hacker to execute arbitrary code on behalf of the “www-data” user.

The vulnerability of the Artica Proxy proxy server management system is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on behalf of the “www-data” user...

The vulnerability of the yaml.load() component in the YAML parsing library for Python, PyYAML, allows a attacker to access confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the yaml.load component in the YAML parsing library for Python, PyYAML, is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

The vulnerability of the Glib library, related to the restoration of unreliable data in memory, allows a hacker to cause a service failure.

The vulnerability of the Glib library relates to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the ExecuteAction function in the SolarWinds Access Rights Manager allows a violator to execute arbitrary code.

The vulnerability of the ExecuteAction function in the SolarWinds Access Rights Manager software lies in the possibility of unreliable data being restored to memory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...

The vulnerability of the `host_new_graphs_save()` function in the Cacti network monitoring software (graphs_new.php) allows a attacker to execute arbitrary code.

The vulnerability of the hostnewgraphssave function in the Cacti network monitoring software’s script graphsnew.php involves the restoration of unreliable data in memory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code using specially...

The vulnerability of the Serialization component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Serialization component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to gain access to data, enabling them ...

The vulnerability of Novi Survey’s software for conducting surveys lies in its ability to restore unreliable data in memory, allowing a perpetrator to execute arbitrary code.

The vulnerability of Novi Survey’s software for conducting surveys is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the generateFromHtml() function in the PHP Snappy library allows a hacker to execute arbitrary code.

The vulnerability of the generateFromHtml function in the PHP Snappy library is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

The vulnerability of the cross-platform media center Plex Media Server, related to the restoration of unreliable data in memory, allows a hacker to execute arbitrary code.

The vulnerability of the cross-platform media server Plex Media Server lies in the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the Drools business rule management system lies in the ability to restore unreliable data in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Drools business rules management system is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the JMX data management platform of Apache Geode allows an attacker to execute arbitrary code.

The vulnerability of the JMX data management platform of Apache Geode involves the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the AVEVA Edge SCADA system, related to the restoration of unreliable data in memory, allows a intruder to execute arbitrary code.

The vulnerability of the AVEVA Edge SCADA system is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the software responsible for creating, monitoring, and orchestrating data processing scripts in Airflow lies in its ability to restore unreliable data structures in memory, allowing an attacker to execute arbitrary code or cause service failures.

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to the restoration of unreliable data structures in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service failures...

The vulnerability of the Java Remote Management interface of Orlansoft ERP systems allows attackers to execute arbitrary code.

The vulnerability of Orlansoft’s Java Remote Management ERP system’s interface is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the org.apache.commons.dbcp2.datasources.PerUserPoolDataSource component in the Jackson-databind library of the FasterXML project allows a attacker to execute arbitrary code.

The vulnerability of the org.apache.commons.dbcp2.datasources.PerUserPoolDataSource component in the Jackson-databind library of the FasterXML project is related to the restoration of an unreliable data structure in memory. Exploiting this vulnerability could allow a remote attacker to execute...