Open WebUI < 0.9.5 - Information Disclosure

Open WebUI 0.9.5 contains an information disclosure vulnerability caused by unauthenticated access to GET /api/v1/retrieval/ endpoint, letting remote attackers retrieve live RAG pipeline configuration without authorization, exploit requires no authentication. id: CVE-2026-45397 info: name: Open...

CVE-2026-57283

A flaw was found in Jenkins Pipeline: Groovy Plugin. This cross-site request forgery CSRF vulnerability allows attackers to instantiate types related to job or system configuration. This could enable unauthorized modifications to the Jenkins environment...

CVE-2026-57300

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access...

CVE-2026-57283

A cross-site request forgery CSRF vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator...

CVE-2026-57284

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

CVE-2026-57300

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access...

CVE-2026-57300

The CVE-2026-57300 entry concerns Jenkins MCP Server Plugin versions 0.177.v629fdb_2557fe and earlier, where a missing permission check allows attackers with Item/Read permission to read Pipeline replay scripts for jobs they can access. The vulnerability stems from inadequate access control on pi...

EUVD-2026-38764

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

CVE-2026-57284

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

CVE-2026-57284

CVE-2026-57284 affects Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier. The vulnerability arises because the Pipeline Snippet Generator does not restrict the types that can be instantiated, potentially allowing an attacker to instantiate types related to job or system configuration...

EUVD-2026-38763

A cross-site request forgery CSRF vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator...

CVE-2026-57283

A cross-site request forgery CSRF vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator...

CVE-2026-57283

CVE-2026-57283 affects Jenkins Pipeline: Groovy Plugin (versions including 4331.v9d06ed4658ff and earlier). The vulnerability is a cross-site request forgery (CSRF) in the Pipeline Snippet Generator that lets an attacker instantiate types related to job or system configuration beyond Pipeline ste...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: mISDN: Fixed a memory leak in dsppipelinebuild. dsppipelinebuild allocates a dup pointer using kstrdupcfg, but then it updates the dup variable using strsep&dup, “|”. As a result, when it calls kfreedup, the dup variable...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/komeda: check for error-valued pointer komedapipelinegetstate may return an error-valued pointer; therefore, it is necessary to check that the pointer has a negative or null value before dereferencing it...

EUVD-2026-37894

A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1V1.0.6.020230803 enables unauthenticated network actors to bypass the device’s credential-enforced live-view workflow and directly retrieve real-tim...

SUSE CVE-2026-48006

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

Malicious code in metrics-pipeline-d8k2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01ad2ee3d3807102a3f02c01af0d3fec46d91e9764eb77a8bcedf9c6be7fc3b0 Package declares "postinstall": "node run.js" in package.json, causing automatic execution of bundled beacon scripts on npm install. beacon29.js load...

PT-2026-49768

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description A notification bypass allows Slack reaction events to enter the agent pipeline even when reaction notifications are disabled. This can trigger unintended agent processing for reaction events,...

EUVD-2026-36769

An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...