16793 matches found
PT-2026-39932
UNSUPPORTED WHEN ASSIGNED An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass authentication...
WordPress plugin HEL Online Classroom: AI-powered Online Classrooms security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Siemens SIMATIC cross-site scripting vulnerability
Siemens SIMATIC is a series of programmable control and industrial software products developed by Siemens, a German company, for industrial automation and process control applications. Siemens SIMATIC has a cross-site scripting vulnerability. This vulnerability stems from the Web interface’s moti...
Multiple Siemens products cross-site scripting vulnerability
The Siemens SIMATIC Drive Controller is a series of drive controllers developed by the German company Siemens. Several Siemens products have a cross-site scripting vulnerability. This vulnerability arises from improper validation and cleaning of PLC/site names on the Web interface communication...
Hewlett Packard Enterprise ArubaOS (HPE ArubaOS) cross-site scripting vulnerability
Hewlett Packard Enterprise ArubaOS is a network wireless operating system developed by Hewlett Packard Enterprise. Hewlett Packard Enterprise ArubaOS contains a cross-site scripting vulnerability. This vulnerability stems from vulnerabilities in the web-based management interface, which may allow...
HPE Aruba Networking Wireless Operating System security vulnerability
HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from command injection in the web-based management...
PT-2026-40424
Name of the Vulnerable Software and Affected Versions dalfox versions prior to 2.12.0 Description When running in REST API server mode dalfox server, the software binds to 0.0.0.0:6664 by default without requiring authentication. An unauthenticated attacker can send a request to the '/scan'...
PT-2026-40381
Name of the Vulnerable Software and Affected Versions AOS-8 affected versions not specified AOS-10 affected versions not specified Description A command injection flaw in the web-based management interface allows an authenticated remote attacker to place arbitrary files on the underlying filesyst...
PT-2026-40336
A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to...
HPE Aruba Networking Wireless Operating System security vulnerability
HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from command injection in the web-based management...
PT-2026-40364
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...
PT-2026-39985
Affected devices do not properly validate and sanitize Technology Object TO name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...
CVE-2026-31232
The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading process. When loading model files .pt from a user-specified directory via the --modeldir argument, the code uses torch.load without...
PT-2026-40377
Name of the Vulnerable Software and Affected Versions AOS-8 affected versions not specified AOS-10 affected versions not specified Description Command injection flaws exist in the web-based management interface of the operating systems. An authenticated remote attacker can exploit these issues to...
CVE-2026-45666
creationtimestamp | type | source
---|---|---
2026-05-11 19:03:58+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-x3qm-p8hr-3c3h...
CVE-2026-44226 pyLoad: Unauthenticated traceback disclosure via global exception handler in WebUI
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an...
CVE-2026-44226
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an...
Open WebUI Arbitrary File Write, Delete via Path Traversal
CONFIDENTIAL Vulnerability Disclosure Analysis Documentation ----------------------------------------------- Vulnerability Details --------------------- 1. Discoverer: Taylor Pennington of KoreLogic, Inc. 2. Date Submitted: June 11, 2024 3. Title: Open WebUI Arbitrary File Write, Delete via Path...
GHSA-J3FW-WC48-29G3 Open WebUI Arbitrary File Write, Delete via Path Traversal
CONFIDENTIAL Vulnerability Disclosure Analysis Documentation ----------------------------------------------- Vulnerability Details --------------------- 1. Discoverer: Taylor Pennington of KoreLogic, Inc. 2. Date Submitted: June 11, 2024 3. Title: Open WebUI Arbitrary File Write, Delete via Path...