
2898 matches found

UbuntuCve
added 2026/02/11 12:0 a.m. | 1 views

CVE-2026-1094

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

CVSS 4.6 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 4
EUVD
added 2026/02/08 9:2 a.m. | 5 views

EUVD-2026-5804

A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipulation of the argument nginxDir leads to cross site scripting. The attack can be executed remotely...

CVSS 5.1 | AI score 3.4 | EPSS 0.00022
Exploits: 1 | References: 6
CNNVD
added 2026/02/08 12:0 a.m. | 3 views

nginxWebUI Code Injection Vulnerability

nginxWebUI is an nginx web configuration tool developed by individual developer cym1102. Versions of nginxWebUI 4.3.7 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter nginxDir in the file adminPage/conf/conf, which coul...

CVSS 5.4 | AI score 5.7 | EPSS 0.00022
Exploits: 1 | References: 7
vulnersOsv
added 2026/02/03 7:15 p.m. | 5 views

@circleci/agents (=2.13.2-canary.8150572), claude-code-webui (>=0.1.51 <=0.1.56) potentially affected by CVE-2026-24052 via @anthropic-ai/claude-code (=1.0.108)

@anthropic-ai/claude-code NPM version =1.0.108 is affected by a known vulnerability. The following packages have a transitive dependency on @anthropic-ai/claude-code and may be impacted:

- @circleci/agents =2.13.2-canary.8150572
- claude-code-webui =0.1.51, =0.1.56

Source cves: CVE-2026-24052...

CVSS 7.4 | AI score 5.8 | EPSS 0.00018
Exploits: 0
RedhatCVE
added 2026/02/03 3:18 p.m. | 20 views

CVE-2024-2356

A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post("/reinstall_extension") route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

CVSS 9.6 | AI score 5.9 | EPSS 0.00117
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/03 9:18 a.m. | 3 views

CVE-2025-9974

The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitra...

CVSS 8 | AI score 5.9 | EPSS 0.00021
Exploits: 0 | References: 1
CVE
added 2026/02/02 10:36 a.m. | 13 views

CVE-2024-2356

The CVE-2024-2356 family affects parisneo/lollms-webui, with a Local File Inclusion (LFI) in the /reinstall_extension endpoint. The vulnerability targets the name parameter of the POST route, allowing an attacker to inject a malicious value that causes the server to load and execute arbitrary Pyt...

CVSS 9.6 | AI score 5.9 | EPSS 0.00117
Exploits: 0 | References: 2
ATTACKERKB
added 2026/02/02 10:36 a.m. | 3 views

CVE-2024-2356

A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post("/reinstall_extension") route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

CVSS 9.6 | AI score 5.9 | EPSS 0.00117
Exploits: 0 | References: 3
Cvelist
added 2026/02/02 10:36 a.m. | 29 views

CVE-2024-2356 Remote Code Execution due to LFI in '/reinstall_extension' in parisneo/lollms-webui

A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post("/reinstall_extension") route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

CVSS 9.6 | EPSS 0.00117
Exploits: 0 | References: 2
Cvelist
added 2026/02/02 9:1 a.m. | 28 views

CVE-2025-9974 Insufficient Input Validation on WEBUI in Nokia ONT/Beacon product

The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitra...

EPSS 0.00021
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/24 9:15 a.m. | 9 views

CVE-2026-0766

Open WebUI loadtoolmodulebyid Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8 | AI score 6.5 | EPSS 0.00225
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/24 9:15 a.m. | 14 views

CVE-2026-0767

Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw...

CVSS 6.5 | AI score 5.5 | EPSS 0.00019
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/24 9:15 a.m. | 8 views

CVE-2026-0765

Open WebUI PIP installfrontmatterrequirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists...

CVSS 8.8 | AI score 6.5 | EPSS 0.00225
Exploits: 0 | References: 1
Snyk
added 2026/01/23 5:9 a.m. | 1 views

Command Injection

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Command Injection via the installfrontmatterrequirements function. An attacker can execute arbitrary code in the context of the service account by supplying crafted input that is not properly validated before...

CVSS 8.8 | AI score 8.5 | EPSS 0.00225
Exploits: 0 | References: 2
Snyk
added 2026/01/23 5:8 a.m. | 6 views

Arbitrary Code Injection

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Arbitrary Code Injection via the loadtoolmodulebyid function in the utils/plugin.py file. An attacker can execute arbitrary code in the context of the service account by supplying a crafted string that is not...

CVSS 8.8 | AI score 8.6 | EPSS 0.00225
Exploits: 1 | References: 2
NVD
added 2026/01/23 4:16 a.m. | 2 views

CVE-2026-0765

Open WebUI PIP installfrontmatterrequirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists...

CVSS 8.8 | EPSS 0.00225
Exploits: 0 | References: 1
NVD
added 2026/01/23 4:16 a.m. | 4 views

CVE-2026-0766

Open WebUI loadtoolmodulebyid Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8 | EPSS 0.00225
Exploits: 1 | References: 1
OSV
added 2026/01/23 4:16 a.m. | 3 views

CVE-2026-0767

Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw...

CVSS 6.5 | AI score 5.9
Exploits: 0 | References: 1
NVD
added 2026/01/23 4:16 a.m. | 8 views

CVE-2026-0767

Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw...

CVSS 6.5 | EPSS 0.00019
Exploits: 1 | References: 1
OSV
added 2026/01/23 4:16 a.m. | 2 views

CVE-2026-0765

Open WebUI PIP installfrontmatterrequirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists...

CVSS 8.8 | AI score 6.3
Exploits: 0 | References: 1