36 matches found

ATTACKERKB
added 2026/05/15 8:29 p.m. | 6 views

CVE-2026-45385

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same...

4.3 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2026/05/15 8:29 p.m. | 6 views

EUVD-2026-30626

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same...

4.3 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 1 | References: 1
CNNVD
added 2026/05/15 12:0 a.m. | 8 views

Open WebUI Security Vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object reference vulnerabilities in the channel functionality. The...

4.3 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 1 | References: 2
CNNVD
added 2026/02/19 12:0 a.m. | 4 views

httpsig-rs Security Vulnerability

httpsig-rs is a Rust library developed by Jun Kurihara. Versions of httpsig-rs prior to 0.0.23 contained security vulnerabilities. These vulnerabilities stemmed from the misuse of the Digest header validation mechanism’s matches! macro, which could potentially allow incorrect validation successes...

7.5 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/27 10:52 p.m. | 1 views

CVE-2025-68972

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

5.9 CVSS | 6.6 AI score | 0.00006 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2006-1120

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.00815 EPSS
Exploits: 0 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2002-1698

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.0038 EPSS
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2001-1450

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.00978 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2009-2626

Malware in sbrugna...

4.4 CVSS | 4.4 AI score | 0.00127 EPSS
Exploits: 0 | References: 28
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2003-1152

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.04195 EPSS
Exploits: 1 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-29512

Malicious code in bioql PyPI...

6.6 AI score
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-27530

Malicious code in bioql PyPI...

4.3 CVSS | 5.1 AI score | 0.00037 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 12:48 a.m. | 5 views

CVE-2022-22384

IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to modify messages returned from the server due to hazardous input validation. IBM X-Force ID: 221961...

4.3 CVSS | 6.3 AI score | 0.00037 EPSS
Exploits: 0 | References: 1
CNNVD
added 2024/03/22 12:0 a.m. | 2 views

CIGESv2 Cross-Site Scripting Vulnerability

CIGESv2 is a queue and reservation management system from CIGESv2, Inc. CIGESv2 suffers from a cross-site scripting vulnerability that stems from the presence of an HTML injection vulnerability. An attacker can exploit the vulnerability to inject arbitrary code and modify website and email...

6.1 CVSS | 6.7 AI score | 0.0009 EPSS
Exploits: 0 | References: 2
CNNVD
added 2023/10/17 12:0 a.m. | 2 views

IBM Security Verify Privilege Manager Input Verification Error Vulnerability

IBM Security Verify Privilege Manager is a security management software from International Business Machines IBM for endpoint privilege management and application control in corporate environments. The software stops unintentional downloads of malware and ransomware from attacking applications by...

4.3 CVSS | 6.4 AI score | 0.00037 EPSS
Exploits: 0 | References: 3
CNNVD
added 2023/05/15 12:0 a.m. | 2 views

Cybozu Garoon Security Vulnerability

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A security vulnerability exists in Cybozu Garoon versions 4.10.0 through 5.9.2, which can be exploited by attacke...

4.3 CVSS | 5.1 AI score | 0.0017 EPSS
Exploits: 0 | References: 4
OSV
added 2022/09/27 11:15 p.m. | 0 views

DEBIAN-CVE-2022-39835

An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0...

5.3 CVSS | 7 AI score | 0.00192 EPSS
Exploits: 0 | References: 1
Huntr
added 2021/12/26 12:23 p.m. | 21 views

Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot

Title XSS in markdown link-maker Description While chatting with a client, both sides may use markdown. However, neither client's nor Chatwoot inner user's input is verified. Steps to reproduce. Note: this works in Safari and Firefox, not Chrome. I will use Telegram bot. 1. 1. Start a conversatio...

5.8 CVSS | 0.2 AI score | 0.00383 EPSS
Exploits: 1
CNVD
added 2019/11/22 12:0 a.m. | 4 views

Fortinet FortiOS and Fortinet FortiClient Trust Management Issues Vulnerability

Fortinet FortiOS and Fortinet FortiClient are both products of the U.S. company Fita Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and...

5.9 CVSS | 6.8 AI score | 0.00297 EPSS
Exploits: 2 | References: 1
RedhatCVE
added 2019/10/08 6:4 p.m. | 33 views

CVE-2019-10201

It was found that Keycloak's SAML broker did not verify missing message signatures. If an attacker modifies the SAML Response and removes the sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to...

8.1 CVSS | 4.1 AI score | 0.00136 EPSS
Exploits: 0 | References: 2