Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Cvelist
Cvelistadded 2026/02/19 7:10 p.m.23 views

CVE-2026-26192 Open WebUI vulnerable to Stored XSS via iFrame in citations model

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, aanually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...

7.3CVSS0.00043EPSS
Exploits1References2
Debian CVE
Debian CVEadded 2026/02/06 5:32 a.m.4 views

CVE-2026-1991

A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvcscanstreaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be use...

5.5CVSS3.9AI score0.0003EPSS
Exploits1
RedhatCVE
RedhatCVEadded 2026/01/09 8:42 a.m.5 views

CVE-2022-31164

Tovy is a a staff management system for Roblox groups. A vulnerability in versions prior to 0.7.51 allows users to log in as other users, including privileged users such as the other of the instance. The problem has been patched in version 0.7.51...

7.5CVSS6.6AI score0.00313EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/12/04 12:0 a.m.1 views

PT-2025-49045

Name of the Vulnerable Software and Affected Versions ComposioHQ version 0.7.20 Description A directory traversal issue exists in ComposioHQ version 0.7.20. This allows a remote attacker to potentially access sensitive information through the download file or dir function. The issue involves...

7.5CVSS6.3AI score0.00419EPSS
Exploits1References7
RedhatCVE
RedhatCVEadded 2025/05/23 8:20 a.m.9 views

CVE-2024-5170

The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7CVSS5.7AI score0.00106EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/22 12:38 a.m.2 views

CVE-2011-3731

e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107plugins/pdf/e107pdf.php and certain other files...

5CVSS6.5AI score0.00283EPSS
Exploits1References1
PyPA
PyPAadded 2025/01/27 6:15 p.m.7 views

PYSEC-2025-58

vLLM is a library for LLM inference and serving. vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weightsonly parameter defaults to False. When torch.load loads malicious...

8.8CVSS7.8AI score0.01009EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder