CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

51 matches found

CVE-2026-54014

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache...

4.3CVSS0.00244EPSS

Exploits1References1

Cvelist•added 5 days ago•33 views

CVE-2026-54014 Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui

4.3CVSS0.00244EPSS

Exploits1References1

CVE•added 5 days ago•15 views

CVE-2026-54014

Open WebUI (open-webui/open-webui) before version 0.9.6 is affected by a sibling-prefix path traversal in the cache file endpoint. The vulnerability stems from serve_cache_file() validating the absolute path with file_path.startswith(os.path.abspath(CACHE_DIR)) without appending a trailing path s...

4.3CVSS5.9AI score0.00244EPSS

Exploits1References1Affected Software1

Github Security Blog•added 2026/06/17 2:16 p.m.•13 views

Open WebUI: Sibling-Prefix Path Traversal via /cache/{path}

Summary A path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache directory, by exploiting an incomplete startswith containment check that lacks a trailing path separator...

4.3CVSS5.3AI score0.00244EPSS

Exploits1References2Affected Software1

RedhatCVE•added 2026/06/05 7:29 p.m.•10 views

CVE-2026-46337

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...

6.9CVSS5.6AI score0.00455EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:10 p.m.•11 views

CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

8.8CVSS5.5AI score0.0054EPSS

Exploits2References1

OSV•added 2026/06/04 5:38 p.m.•8 views

GHSA-WQCR-7RF3-F64M Singluarity: Incorrect path matching for 'limit container paths' directive

Impact The limit container paths directive in singularity.conf is intended to allow a system administrator limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed. For exampl...

4.8CVSS5.8AI score0.0001EPSS

Exploits0References5

Github Security Blog•added 2026/06/04 5:38 p.m.•12 views

Singluarity: Incorrect path matching for 'limit container paths' directive

5.8AI score0.0001EPSS

Exploits0References5Affected Software2

Positive Technologies•added 2026/06/04 12:0 a.m.•15 views

PT-2026-46870

4.8CVSS5.8AI score

Exploits0References6

Tenable Nessus•added 2026/06/03 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-5422

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within...

8.1CVSS6.7AI score0.00437EPSS

Exploits1References3

NVD•added 2026/06/02 10:16 a.m.•13 views

CVE-2026-5422

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

8.1CVSS0.00437EPSS

Exploits1References1

OSV•added 2026/06/02 10:16 a.m.•6 views

DEBIAN-CVE-2026-5422

8.1CVSS5.8AI score0.00437EPSS

Exploits1References1

Vulnrichment•added 2026/06/02 9:11 a.m.•9 views

CVE-2026-5422 Path Traversal in jupyter/jupyter

6.8CVSS6.7AI score0.00437EPSS

Exploits1References1

ATTACKERKB•added 2026/06/02 9:11 a.m.•9 views

CVE-2026-5422

6.8CVSS6.7AI score0.00437EPSS

Exploits1References2

CNNVD•added 2026/05/29 12:0 a.m.•12 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities allow unauthorized remote attackers to read arbitrary image files on a disk that can be accessed by PHP...

6.9CVSS5.9AI score0.00455EPSS

Exploits1References1

OSV•added 2026/05/08 11:33 p.m.•5 views

GHSA-HG3H-G7XC-F7VP view_component: System Test Entry Point Path Check Allows Sibling Directory Escape

Summary The system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path. This is not a safe containment check because sibling directories can share the same string prefix. Severity: Medium; test-rou...

5.9CVSS5.8AI score0.00412EPSS

Exploits1References4

SUSE CVE•added 2026/05/07 2:20 a.m.•8 views

SUSE CVE-2026-35397

8.8CVSS5.8AI score0.0054EPSS

Exploits2References3

Tenable Nessus•added 2026/05/06 12:0 a.m.•12 views

Linux Distros Unpatched Vulnerability : CVE-2026-35397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticat...

8.8CVSS5.5AI score0.0054EPSS

Exploits2References3