2898 matches found
CVE-2026-33340
LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in all known existing versions of lollms-webui. The `@router.post("/api/proxy")` endpoint allows unauthenticated attackers to...
EUVD-2026-14928
LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in all known existing versions of lollms-webui. The `@router.post("/api/proxy")` endpoint allows unauthenticated attackers to...
CVE-2026-33340
LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in all known existing versions of lollms-webui. The `@router.post("/api/proxy")` endpoint allows unauthenticated attackers to...
PT-2026-27456
Name of the Vulnerable Software and Affected Versions: LoLLMs WEBUI (affected versions not specified). Description: LoLLMs WEBUI, the web user interface for Lord of Large Language and Multi modal Systems, contains a Server-Side Request Forgery (SSRF) issue. An unauthenticated attacker can exploit this t...
CVE-2026-32632
Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...
UBUNTU-CVE-2026-32632
Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...
CVE-2026-32632
Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...
MAL-2026-1588 Malicious code in @bingads-webui-help/apex.core.v3.min (npm)
Source: amazon-inspector (87351101634ee5726eaa0ee76ecaec8529226c993a610ea5a2d1b7521778bd5a). The package @bingads-webui-help/apex.core.v3.min was found to contain malicious code...
Malicious code in @bingads-webui-cc-react/edit-primary-contact (npm)
Source: amazon-inspector (d8db2de62135603996e4dfafbfd49878df32f1d35291bd473c636cef7b7303f6). The package @bingads-webui-cc-react/edit-primary-contact was found to contain malicious code...
MAL-2026-1587 Malicious code in @bingads-webui-cc-react/edit-primary-contact (npm)
Source: amazon-inspector (d8db2de62135603996e4dfafbfd49878df32f1d35291bd473c636cef7b7303f6). The package @bingads-webui-cc-react/edit-primary-contact was found to contain malicious code...
CVE-2026-22316
A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack...
CVE-2026-22316 Buffer Overflow using TFTP Filename
A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack...
CVE-2026-31826 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-32597 vulnerabilities
Vulnerabilities for packages: airflow, py3-cassandra-medusa, ggshield, superset, az, semgrep, kserve, open-webui...
GHSA-3936-CMFR-PM3M vulnerabilities
Vulnerabilities for packages: kserve, open-webui...
GHSA-752W-5FWX-JX9F vulnerabilities
Vulnerabilities for packages: airflow, py3-cassandra-medusa, ggshield, superset, az, semgrep, kserve, open-webui...
CVE-2026-32274 vulnerabilities
Vulnerabilities for packages: kserve, open-webui...
glances security vulnerability
Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of application-level host permission checks in REST/WebUI applications. This could lead to DNS redirection attacks,...
CVE-2025-15552
CVE-2025-15552 affects Truesec LAPSWebUI. Insufficient session expiration in versions before 2.4 lets a workstation user escalate privileges by disclosure of the local admin password. CVSS v4.0 base score 6.0 (Medium). The documents do not specify a concrete fix version or mitigation details.
apache-gravitino (>=1.2.0 <=1.2.1rc2), cloudquery-plugin-sdk (=0.1.52) +14 more potentially affected by CVE-2026-32274 via black (>=26.1.0 <=26.3.0)
black PYPI version =26.1.0, =1.2.0, =0.4.0, =0.2.2, =2.189.0, =0.12.0, =0.7.4, =0.8.0, =0.1.8, =2.54.8, =0.17.1, =1.2.1, =0.1.2, =0.1.3 and more Source cves: CVE-2026-32274 Source advisory: SNYK:PYTHON-BLACK-15518063...