hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45675 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45675 Source advisory: OSV:GHSA-H3WW-Q6XX-W7X3...

hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45671 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45671 Source advisory: OSV:GHSA-26G9-27VM-X3Q8...

hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44561 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44561 Source advisory: SNYK:PYTHON-OPENWEBUI-16599161...

hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44555 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44555 Source advisory: OSV:GHSA-9VVH-QMJX-P4Q8...

XMLDOM 安全漏洞

XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the unlimited depth of recursive traversal in lib/dom.js, which could...

`unpack_in` can chmod arbitrary directories by following symlinks

In versions 0.6.0 and earlier of astral-tokio-tar, the unpackin API could inadvertently modify the permissions of external i.e. non-archive directories outside of the archive. An attacker could use this to contrite a tar archive that maliciously changes directory permissions outside of its intend...

DEBIAN-CVE-2026-3172

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server...

UBUNTU-CVE-2026-3172

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server...

CVE-2026-3172 pgvector buffer overflow in parallel HNSW index build

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server...

CuPs (>=0.0.0 <=0.0.5), IF (=0.0.0) +22 more potentially affected by unknown CVE via unic-ucd-name (>=0.6.0 <=0.9.0)

unic-ucd-name CARGO version =0.6.0, =0.0.0, =1.11.3, =0.3.0, =0.3.0, =0.0.102, =0.0.7, =0.0.1, =1.0.0, =0.1.0, =0.1.0, =0.0.0, =0.0.111 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0076...

CuPs (>=0.0.0 <=0.0.5), IF (=0.0.0) +20 more potentially affected by unknown CVE via unic-ucd-case (>=0.6.0 <=0.9.0)

unic-ucd-case CARGO version =0.6.0, =0.0.0, =1.11.3, =0.3.0, =0.3.0, =0.0.102, =0.0.7, =0.0.1, =1.0.0, =0.1.0, =0.1.0, =0.0.0, =0.1.0, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0092...

CVE-2025-60537

Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data...

CVE-2025-60536

The CVE-2025-60536 entry affects kafka-ui, specifically the Configure New Cluster interface in versions v0.6.0 through v0.7.2. The issue allows an attacker to trigger a Denial of Service by uploading a crafted configuration file. The available connected documents confirm the affected product/vers...

CVE-2025-60537

CVE-2025-60537 affects Kafka UI, specifically the component "/kafka/ui/serdes/CustomSerdeLoader.java" in versions v0.6.0 to v0.7.2. The root cause is improper input validation in this loader, allowing attackers to execute arbitrary code when supplied with crafted data. The statements in connected...

EUVD-2021-12804

Malware in sbrugna...

WordPress NanoSupport plugin <= 0.6.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin NanoSupport versions = 0.6.0...

PT-2024-13952 · Jester · Jester

Name of the Vulnerable Software and Affected Versions: Jester versions 0.6.0 and earlier Description: An issue in Jester allows a remote attacker to execute arbitrary code via a crafted request. This enables the attacker to send a maliciously crafted request, potentially leading to arbitrary code...

ai.grakn:grakn-dist (>=0.7.0 <=0.16.0), ai.grakn:grakn-test (=0.10.0) +2344 more potentially affected by CVE-2023-31418 via org.elasticsearch:elasticsearch (>=0.6.0 <=7.17.12)

org.elasticsearch:elasticsearch MAVEN version =0.6.0, =0.7.0, =0.6.1, =0.11.0, =j11.2.6.0, =0.3.0, =1.0.1, =5.1.0, =5.6.5, =5.1.0, =5.3.0, =5.1.0, =5.1.0, =5.1.0, =5.7.9 and more Source cves: CVE-2023-31418 Source advisory: OSV:GHSA-2CQF-6XV9-F22W...

CVE-2023-27510

JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry...

PT-2023-19917 · Sniproxy +2 · Sniproxy +2

Name of the Vulnerable Software and Affected Versions: SNIProxy versions 0.6.0-2 through the master branch commit: 822bb80df9b7b345cc9eba55df74a07b498819ba Description: A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy. A specially crafted HTTP or TLS...