Lucene search
K

5155 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-59219

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS0.00259EPSS
Exploits1References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42625

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS5.9AI score0.00259EPSS
Exploits1References3
CVE
CVE
added 4 days ago10 views

CVE-2026-59219

Open WebUI 0.9.0–0.10.0: with Redis configured, the terminal websocket first-message authentication used decode_token without a Redis-backed is_valid_token revocation check, allowing revoked JWTs to continue authenticating realtime connections. Fixed in version 0.10.0. This affects realtime endpo...

7.1CVSS5.9AI score0.00259EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-59219 Open WebUI: Realtime endpoints accept Redis-revoked JWTs after signout/backchannel logout

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS0.00259EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-59219

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS5.9AI score0.00259EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 4 days ago3 views

netty-codec-redis: Netty: Denial of Service via malicious Redis array header

A flaw was found in Netty, a network application framework. The RedisArrayAggregator component pre-allocates memory based on the declared element count in a Redis array header. A remote attacker can exploit this by sending a small, malicious Redis array header that claims a huge initial capacity,...

7.5CVSS7.1AI score0.0038EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 4 days ago3 views

netty-codec-redis: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by repeatedly closing Redis pipeline connections before a Redis array aggregate completes. This leads to a permanent leak of direct-memory buffers, which prevents memory chunks from being returned to the share...

8.7CVSS5.9AI score0.005EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 4 days ago3 views

netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payloads

A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending specially crafted Redis payloads across multiple connections without proper termination. This can exhaust the server's direct memory pool, leading to a Denial of Service DoS condition where legitima...

7.5CVSS5.9AI score0.0038EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 4 days ago3 views

netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payload with deeply nested arrays

A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending a specially crafted Redis payload containing deeply nested arrays. This action forces the server to allocate a large number of state objects and collections, leading to memory exhaustion...

7.5CVSS5.9AI score0.0038EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 4 days ago4 views

netty-codec-redis: Netty: Command injection via CRLF characters in Redis codec encoder

A flaw was found in Netty, an asynchronous, event-driven network application framework. The Netty Redis codec encoder RedisEncoder does not properly validate or sanitize user-controlled string content for CRLF Carriage Return Line Feed characters. A remote attacker, by controlling the content of ...

7.1CVSS6.7AI score0.00198EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 4 days ago6 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18.1.P1 for Spring Boot release.

Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.4AI score0.00969EPSS
Exploits6References33
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56884

Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.9.0 through 0.9.x Description When Redis is configured, the authentication process for Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message uses the decode token function withou...

7.1CVSS6.1AI score0.00259EPSS
Exploits1References7
OSV
OSV
added 6 days ago4 views

RLSA-2026:35826 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via...

8.2CVSS6.6AI score0.00478EPSS
Exploits0References2
OSV
OSV
added 6 days ago5 views

RLSA-2026:35831 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via...

8.2CVSS6AI score0.00478EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/06 3:19 p.m.7 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.21.1 security update

Important: Red Hat OpenShift GitOps v1.21.1 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-10083 RC 1.21.0-7: Missing permission for web-based terminal in Argocd UI GITOPS-10178 OpenShift GitOps operator v1.21.0 breaks Redis-HA...

7.5CVSS6AI score0.00813EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/06 3:49 a.m.8 views

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.6CVSS6AI score0.00478EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.9 views

Malicious code in pinokio-redis (npm)

pinokio-redis is a malicious npm package and part of the multi-wave "forge-jsx" cross-platform RAT campaign Wave 4. It was published by npm account 'donimique' [email protected]. The package.json description 'Node.js integration layer for Autodesk Forge' and the bundled README.md literally...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/07/06 12:0 a.m.3 views

ALSA-2026:35831 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via...

9.6CVSS6AI score0.00478EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 8:17 p.m.6 views

CVE-2026-14265

Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrastructure to execute arbitrary code on application servers that read cached query results via a...

8.8CVSS0.00416EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54642

Name of the Vulnerable Software and Affected Versions AWS Advanced JDBC Wrapper versions 3.3.0 through 4.0.0 Description Deserialization of untrusted data in the RemoteQueryCachePlugin allows an actor with write access to the shared cache infrastructure to execute arbitrary code on application...

8.8CVSS6.3AI score0.00416EPSS
Exploits0References11
Rows per page
Query Builder