Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

53 matches found

CNVD
CNVDadded 2026/04/09 12:0 a.m.1 views

OpenUI Cross-Site Scripting Vulnerability

OpenUI is an open source UI program. A cross-site scripting vulnerability exists in OpenUI 1.0 and earlier versions. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the file frontend/public/annotator/index.html, which can be exploited by an...

5.1CVSS5.8AI score0.00039EPSS
Exploits0
RedhatCVE
RedhatCVEadded 2026/03/30 5:6 p.m.1 views

CVE-2026-4995

A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely...

5.1CVSS4.3AI score0.00039EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/29 11:13 a.m.0 views

CVE-2026-4993

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

4.8CVSS5.2AI score0.00006EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/29 11:13 a.m.3 views

CVE-2026-4994

A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function genericexceptionhandler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the...

5.1CVSS5.4AI score0.00029EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/28 11:10 p.m.1 views

CVE-2026-4992

A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

5.3CVSS5.5AI score0.00013EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/28 12:30 p.m.1 views

EUVD-2026-16913

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

4.8CVSS5.2AI score0.00006EPSS
Exploits0References5
EUVD
EUVDadded 2026/03/28 12:30 p.m.0 views

EUVD-2026-16915

A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function genericexceptionhandler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the...

5.1CVSS5.4AI score0.00029EPSS
Exploits0References5
EUVD
EUVDadded 2026/03/28 12:30 p.m.3 views

EUVD-2026-16917

A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely...

5.1CVSS4.3AI score0.00039EPSS
Exploits0References5
NVD
NVDadded 2026/03/28 11:16 a.m.1 views

CVE-2026-4995

A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely...

5.1CVSS0.00039EPSS
Exploits0References4
CVE
CVEadded 2026/03/28 10:45 a.m.5 views

CVE-2026-4995

wandb OpenUI up to version 1.0 is affected. The vulnerability targets the Window Message Event Handler in frontend/public/annotator/index.html, enabling cross-site scripting. Exploitation can be performed remotely, and the exploit has been publicly disclosed. The vendor was contacted early but di...

5.1CVSS4.3AI score0.00039EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/03/28 10:45 a.m.32 views

CVE-2026-4995 wandb OpenUI Window Message Event index.html cross site scripting

A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely...

5.1CVSS0.00039EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/28 10:45 a.m.1 views

CVE-2026-4995 wandb OpenUI Window Message Event index.html cross site scripting

A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely...

5.1CVSS4.3AI score0.00039EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/28 10:45 a.m.1 views

CVE-2026-4995

A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely...

5.1CVSS4.3AI score0.00039EPSS
Exploits0References4Affected Software1
NVD
NVDadded 2026/03/28 10:16 a.m.1 views

CVE-2026-4994

A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function genericexceptionhandler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the...

5.1CVSS0.00029EPSS
Exploits0References4
NVD
NVDadded 2026/03/28 10:16 a.m.1 views

CVE-2026-4993

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

4.8CVSS0.00006EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/28 9:15 a.m.6 views

CVE-2026-4994

A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function genericexceptionhandler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the...

5.1CVSS5.4AI score0.00029EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2026/03/28 9:15 a.m.37 views

CVE-2026-4994 wandb OpenUI APIStatusError server.py generic_exception_handler information exposure

A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function genericexceptionhandler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the...

5.1CVSS0.00029EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/28 9:15 a.m.2 views

CVE-2026-4994 wandb OpenUI APIStatusError server.py generic_exception_handler information exposure

A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function genericexceptionhandler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the...

5.1CVSS5.4AI score0.00029EPSS
Exploits0References4
CVE
CVEadded 2026/03/28 9:15 a.m.7 views

CVE-2026-4994

CVE-2026-4994 affects wandb OpenUI up to 1.0/3.5-turb. The vulnerable component is generic_exception_handler in backend/openui/server.py of the APIStatusError Handler. The issue arises from manipulation of the argument key, leading to information exposure through error messages. Access to the loc...

5.1CVSS5.4AI score0.00029EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/28 9:15 a.m.4 views

CVE-2026-4993

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

4.8CVSS5.2AI score0.00006EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder