Lucene search
K

1934 matches found

Cvelist
Cvelist
added 2026/05/28 9:40 a.m.30 views

CVE-2026-46223 cgroup: Defer css percpu_ref kill on rmdir until cgroup is depopulated

In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpuref kill on rmdir until cgroup is depopulated A chain of commits going back to v7.0 reworked rmdir to satisfy the controller invariant that a subsystem's -cssoffline must not run while tasks are still doin...

0.00083EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 2:39 p.m.12 views

Malicious code in pywingui (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6db77876bf3b13e55750748761841f7ab77f17bd951bdc1c749e1e56d4416d7e pywingui 6.0.1 advertises itself as a Win32 UI automation framework but ships only Nuitka-compiled cp311-win32.pyd binaries the 4.py files are trivia...

5.8AI score
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.21 views

Attested Tool-Server Admission: A Security Extension to the Model Context Protocol

The Model Context Protocol MCP standardizes how a large-language-model LLM agent and an external tool server exchange messages, but not trust: a host reads a server's self-declared tool list and dispatches calls, with no notion of which servers it may use, at what sensitivity, or which of a...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/hwpoison: Clearing MFCOUNTINCREASED before retrying getanypage Hulk Robot reported a panic in putpagetestzero when testing madvice with MADVSOFTOFFLINE. The bug is triggered when retrying getanypage. This occurs because the...

5.5CVSS5.7AI score0.00353EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.7 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021546)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021546 advisory. In the Linux kernel, the following vulnerability has been resolved: thermal: intelpowerclamp: Use getcpu instead of smpprocessorid to avoid crash When CPU 0 is offli...

5.5CVSS5.8AI score0.0015EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/19 11:44 p.m.106 views

eip-search

Exploit Intel Platform CLI Search Tool Package/command: eip-...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/19 7:57 p.m.12 views

CVE-2026-45315

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

8.7CVSS5.8AI score0.0018EPSS
Exploits1References1
Fedora
Fedora
added 2026/05/19 4:20 p.m.14 views

[SECURITY] Fedora 44 Update: rust-tealdeer-1.7.3-2.fc44

Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching support...

9.8CVSS5.8AI score0.00412EPSS
Exploits0
Fedora
Fedora
added 2026/05/19 4:1 p.m.16 views

[SECURITY] Fedora 43 Update: rust-tealdeer-1.7.3-2.fc43

Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching support...

9.8CVSS5.8AI score0.00412EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/19 1:56 p.m.10 views

CVE-2026-26462

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

7.3CVSS6.6AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/19 1:56 p.m.13 views

CVE-2026-44558

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filterallowedaccessgrants on either create or update paths. A non-admin user who can create group channels or who owns a channel can submit arbitrary...

5.4CVSS5.9AI score0.0019EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/19 7:57 a.m.9 views

CVE-2026-44552

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the toolservers and terminalservers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database a supported and documented deployment pattern...

8.7CVSS5.8AI score0.00305EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/19 7:57 a.m.14 views

CVE-2026-44553

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSIONPOOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...

8.1CVSS5.7AI score0.00284EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/19 1:58 a.m.12 views

CVE-2026-45351

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of...

6.5CVSS5.8AI score0.00281EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/19 1:58 a.m.10 views

CVE-2026-45314

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profileimageurl values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves...

7.4CVSS6AI score0.00212EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/19 1:58 a.m.11 views

CVE-2026-45301

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. This...

8.1CVSS5.8AI score0.00273EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.10 views

CVE-2026-45666

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/noteid endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. Th...

6.5CVSS5.8AI score0.00277EPSS
Exploits1References1
NVD
NVD
added 2026/05/18 3:16 p.m.26 views

CVE-2026-26462

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

7.3CVSS0.00318EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/18 1:58 p.m.9 views

CVE-2026-45347

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery SSRF via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests...

5.4CVSS5.8AI score0.00186EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/18 1:58 p.m.13 views

CVE-2026-45346

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.31, there is a Cross-Site Scripting vulnerability in Open WebUI SVG renderer implementation. This vulnerability is fixed in 0.6.31...

5.4CVSS5.8AI score0.00165EPSS
Exploits1References1
Rows per page
Query Builder