Lucene search
K

6 matches found

CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

kavita 访问控制错误漏洞

Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0 contained an access control vulnerability. This vulnerability stemmed from the ReaderController.GetImage endpoint, which allowed completely unauthenticated access,...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.16 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the router not calling filterallowedaccessgrants during path creation or updates...

5.4CVSS5.9AI score0.0019EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under the open source Open WebUI project. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the POST /api/v1/retrieval/process/web endpoint accepting parameter...

8.1CVSS5.8AI score0.00295EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI based on the open-source Open WebUI framework. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the ydoc:document:update Socket.IO event handler, which checke...

5.4CVSS5.8AI score0.0022EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/01/10 12:0 a.m.9 views

PT-2023-10336 · Unknown · Fabarea Media Upload

Name of the Vulnerable Software and Affected Versions: fabarea media upload versions prior to 0.9.0 Description: A critical vulnerability has been found in the function getUploadedFileList of the file Classes/Service/UploadFileService.php, which leads to pathname traversal. Recommendations: For...

9.8CVSS5.8AI score0.00858EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/12/23 12:0 a.m.5 views

PT-2022-27995 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.0 Description: The issue is related to an Authorization Bypass Through User-Controlled Key and Improper Authentication in the usememos/memos GitHub repository. Recommendations: For versions prior to 0.9.0,...

9.8CVSS8.7AI score0.00731EPSS
Exploits1References11
Rows per page
Query Builder