Lucene search
K

2855 matches found

OSV
OSV
added 2026/05/20 10:44 a.m.5 views

CLSA-2026-1779273835 jq: Fix of 8 CVEs

CVE-2026-40164: randomize hash seed to mitigate hash collision DoS - CVE-2026-40612: limit containment check depth - CVE-2026-41256: fix NUL truncation in program files loaded with -f - CVE-2026-41257: fix signed-int overflow in stackreallocate - CVE-2026-43894: cap numeric literal length to...

7.5CVSS5.9AI score0.00366EPSS
Exploits7References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux - уязвимость в apache2

Apache HTTP Server versions 2.4.39 to 2.4.46: unexpected matching behavior with "MergeSlashes OFF"...

5.3CVSS6.8AI score0.52331EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Use requestmodulenowait This seems to address a deadlock issue that occurred during the LED merge in version 6.9. The deadlock occurs on my system with 24 iwlwifi radios. It might be because all worker threads are...

5.5CVSS5.5AI score0.00141EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 4:56 p.m.6 views

CLSA-2026-1779123410 jq: Fix of 8 CVEs

CVE-2026-40164: randomize hash seed to mitigate hash collision DoS - CVE-2026-40612: limit containment check depth - CVE-2026-41256: fix NUL truncation in program files loaded with -f - CVE-2026-41257: fix signed-int overflow in stackreallocate - CVE-2026-43894: cap numeric literal length to...

7.5CVSS5.9AI score0.00366EPSS
Exploits7References1
OSV
OSV
added 2026/05/18 6:11 a.m.10 views

BIT-GITLAB-2026-6883 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...

4.3CVSS5.8AI score0.00146EPSS
Exploits0References3
OSV
OSV
added 2026/05/18 6:11 a.m.9 views

BIT-GITLAB-2026-6063 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/15 8:33 p.m.12 views

CVE-2026-45396 Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS5.9AI score0.00307EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 8:33 p.m.54 views

CVE-2026-45396 Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS0.00307EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 8:33 p.m.18 views

CVE-2026-45396

Summary of technical details (CVE-2026-45396) Open WebUI v0.9.2 is vulnerable to mass assignment in the endpoint POST /api/v1/evaluations/feedback through a FeedbackForm that uses extra='allow'. The root cause is an insecure dictionary merge order in insert_new_feedback(), where the form data can...

5.4CVSS5.9AI score0.00307EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:30 p.m.11 views

CVE-2026-44562

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.modelsimport permission to overwrite any existing model in the database, regardless of ownership. When an...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/15 2:2 p.m.8 views

OESA-2026-2335 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

9.8CVSS6AI score0.01335EPSS
Exploits1References10
NCSC
NCSC
added 2026/05/15 9:27 a.m.68 views

Vulnerabilities are handled in GitLab through GitLab Inc.

GitLab Inc. has addressed several vulnerabilities in GitLab Community Edition CE and Enterprise Edition EE in various versions, particularly in releases from version 8.3 to 18.11.3. These vulnerabilities concern various components and functions within GitLab, including Jira integration, container...

8.7CVSS5.8AI score0.00355EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/14 3:31 p.m.38 views

CVE-2026-42593 Gotenberg: Arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf +...

5.3CVSS0.00311EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/14 3:31 p.m.6 views

CVE-2026-42593 Gotenberg: Arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf +...

5.3CVSS5.8AI score0.00311EPSS
Exploits1References1
NVD
NVD
added 2026/05/14 6:16 a.m.8 views

CVE-2026-6883

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...

4.3CVSS0.00146EPSS
Exploits0References2
NVD
NVD
added 2026/05/14 6:16 a.m.20 views

CVE-2026-6063

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

4.3CVSS0.0019EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 6:16 a.m.5 views

UBUNTU-CVE-2026-6063

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 a.m.7 views

CVE-2026-6883

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...

4.3CVSS5.8AI score0.00146EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 a.m.9 views

CVE-2026-6063

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References4
OSV
OSV
added 2026/05/14 6:16 a.m.6 views

UBUNTU-CVE-2026-6883

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...

4.3CVSS5.8AI score0.00146EPSS
Exploits0References4
Rows per page
Query Builder