Open WebUI 'LDAP Empty Password' - Authentication Bypass
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...
EUVD-2026-38655
The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...
EUVD-2026-38641
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...
CVE-2026-27604 FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions
FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...
Astra Linux – Vulnerability in exiv2
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was discovered in Exiv2 versions v0.27.4 and earlier. This infinite loop occurs when Exiv2 is used to modify the metadata of a specially crafted image file. ...
CVE-2026-54017 Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured termin...
EUVD-2024-55627
Unauthenticated Cross-Site Scripting (XSS) in my flatonica <= 0.0.8 versions...
EUVD-2026-36789
Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request...
CVE-2026-50882
An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted POST request...
CVE-2026-12206 Grit42 Grit data_table_entity.rb DataTableEntity sql injection
A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to SQL injection. The attack can be carried out remotely. The...
EUVD-2026-36541
Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2...
CVE-2026-46695
Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, so malicious code can remount the directo...
EUVD-2026-36051
A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...
PT-2026-48538
Name of the Vulnerable Software and Affected Versions: anyquery versions prior to 0.4.5. Description: A path traversal issue exists in the SQL scalar function clear plugin cache within the namespace/other functions.go file. The function accepts a plugin argument and passes it to path.Join and...
EUVD-2026-35438
Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy (CSP), this allows a malicious plugin to execute arbitrary...
CVE-2026-6621
A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...
CVE-2026-43990
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's runcommand wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument string to the shell's parser, allowing shell metacharacters in agent-supplied arguments to be...
DataDog::DogStatsd Security Vulnerability
DataDog::DogStatsD is a Perl monitoring client library developed by DataDog Corporation that supports the DogStatsD protocol. Versions of DataDog::DogStatsD prior to 0.07 contained security vulnerabilities; these vulnerabilities stemmed from improper handling of inputs, allowing for the injection...
DEBIAN-CVE-2026-40898
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field...
CVE-2026-43926 FOSSBilling's password reset confirmation endpoint lacks rate limiting
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...