8 matches found

Source: RedhatCVE
Added 2026/05/19 1:58 a.m., 9 views

CVE-2026-45672

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is...

CVSS 8.8, AI score 6, EPSS 0.00406
Exploits: 2, References: 1
Source: ATTACKERKB
Added 2026/05/15 9:26 p.m., 10 views

CVE-2026-45315

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

CVSS 8.7, AI score 5.8, EPSS 0.0018
Exploits: 1, References: 2, Affected Software: 1
Source: Positive Technologies
Added 2026/05/14 12:00 a.m., 9 views

PT-2026-41168

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description An issue exists where the audio transcription upload endpoint uses the file extension from a user-supplied filename to save files. The '/cache/path' route serves these files via FileResponse, whic...

CVSS 8.7, AI score 5.9, EPSS 0.0018
Exploits: 1, References: 7
Source: RedhatCVE
Added 2026/05/04 8:21 p.m., 5 views

CVE-2026-7458

The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "userverificationformwrapprocessotpLogin" function. This makes it...

CVSS 9.8, AI score 5.8, EPSS 0.00578
Exploits: 3, References: 1
Source: Veracode
Added 2025/12/24 7:40 a.m., 6 views

Improper Authentication

github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to failure to validate email ownership during the Slack import process, which allows an attacker to create verified user accounts with arbitrary email domains and bypass email-based team...

CVSS 5.4, AI score 5.8, EPSS 0.00285
Exploits: 0, References: 6, Affected Software: 2
Source: EUVD
Added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-51654

Malicious code in bioql PyPI...

CVSS 7.5, AI score 8.7, EPSS 0.00448
Exploits: 0, References: 4
Source: Prion
Added 2023/05/20 3:15 a.m., 17 views

Cross-Site Request Forgery (CSRF)

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...

CVSS 6, AI score 7.4, EPSS 0.00399
Exploits: 0, References: 4, Affected Software: 1
Source: BDU FSTEC
Added 2017/06/30 12:00 a.m., 4 views

A vulnerability in the Horde Groupware collaboration software allows an attacker to break the encryption of emails.

The vulnerability in the Horde Groupware collaboration software stems from missing input sanitization. Exploiting it allows a remote attacker who is a verified Horde Webmail user and has access to PG...

CVSS 9, AI score 7.6, EPSS 0.40447
Exploits: 0, References: 2