Lucene search
K

1083 matches found

Cvelist
Cvelist
added yesterday8 views

CVE-2026-6875 Sandbox Escape in ServiceNow AI Platform

ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform. ServiceNow addressed this vulnerability by deploying...

9.5CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday34 views

n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution

n8n versions = 0.123.0 and = 0.123.0 and = 0.123.0 and 1.121.3 contain a critical authenticated remote code execution vulnerability via arbitrary file write. An authenticated user can exploit the Git node to overwrite critical files and execute untrusted code on the n8n server, potentially leadin...

9.9CVSS7.6AI score0.05258EPSS
Exploits1References2
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-47199 Frappe: check_safe_sql_query Permits SELECT INTO OUTFILE

Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, checksafesqlquery permitted SELECT INTO OUTFILE queries, which could potentially work on self-hosted sites if database permissions are not well aligned and MySQL FILE privileges are available. This issue is fixed in...

2.3CVSS0.00401EPSS
Exploits0References7
CVE
CVE
added 4 days ago7 views

CVE-2026-57230

OpenReplay (self-hosted session replay) prior to 1.27.0 is affected by an authenticated SQL injection in the session search and analytics API for enterprise editions with multi-tenancy enabled. The vulnerability arises from building ClickHouse queries by inserting user input into the query string...

5.4CVSS6.1AI score0.00207EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-55789 Logto: SAML IdP injects user-controlled profile attributes raw into signed assertions, allowing privilege escalation at relying Service Providers

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as name, email, and custom attribute-mapping values into...

8.5CVSS0.00298EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57292

Name of the Vulnerable Software and Affected Versions Logto versions prior to 1.41.0 Description The self-hosted SAML application IdP constructs signed SAML responses and assertions by substituting user-controlled profile attributes, such as name, email, and custom attribute-mapping values, into...

8.5CVSS6.2AI score0.00298EPSS
Exploits0References6
NVD
NVD
added 5 days ago7 views

CVE-2026-55605

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS0.00429EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-55605 @arikusi/deepseek-mcp-server Missing Authentication on Self-Hosted HTTP MCP Endpoint

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS0.00429EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-55605

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS5.9AI score0.00429EPSS
Exploits0References4Affected Software1
CVE
CVE
added 5 days ago10 views

CVE-2026-55605

Summary: CVE-2026-55605 affects the self-hosted HTTP transport of @arikusi/deepseek-mcp-server used with DeepSeek V4. starting in 1.4.2 and before 1.8.0, the POST /mcp endpoint is exposed without authentication due to createMcpExpressApp being called without an authProvider and missing route guar...

5.3CVSS5.9AI score0.00429EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42650

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, sanitizeproxypath in backend/openwebui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks...

7.7CVSS5.9AI score0.00362EPSS
Exploits1References4
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42633

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEBFETCHFILTERLIST matching compared configured host entries against URL strings and non-label-boundary suffixes, allowing path-based blocklist bypasses such as !internal.example.com in a URL pa...

4.3CVSS6AI score0.00223EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42631

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...

6CVSS5.9AI score0.00265EPSS
Exploits1References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42629

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

3.5CVSS6AI score0.00273EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56832

Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.6.16 through 0.9.x Description The Socket.IO server is configured with always connect=True, which allows the ydoc:awareness:update and ydoc:document:leave Socket.IO handlers to accept collaborative-document events without...

6.5CVSS6.1AI score0.00222EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56895

Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.9.6 through 0.9.9 Description The sanitize proxy path function in backend/open webui/routers/terminals.py fails to properly normalize proxy paths by decoding them only eight times. This allows a nine-times percent-encoded...

7.7CVSS6.1AI score0.00362EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56882

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.10.0 Description Authenticated users can execute Python code or tools within another user's session. This occurs because the get event call function delivers execute:python and execute:tool Socket.IO events to a...

7.7CVSS6.2AI score0.00276EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56831

Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.8.11 through 0.9.x Description An issue exists where the 'POST /api/v1/images/edit' endpoint only requires a verified account and fails to enforce the global image-edit switch or per-user image-generation permissions. Thi...

5.4CVSS6.1AI score0.00259EPSS
Exploits1References9
NVD
NVD
added last week10 views

CVE-2026-34171

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS0.00146EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-34057

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS6AI score0.00347EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder