CVE-2026-44570 Open WebUI: Inconsistent authorization controls within memories API

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories...

EUVD-2026-30642

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories...

EUVD-2026-30643

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...

CVE-2026-45010

phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by...

CVE-2026-45010 phpMyFAQ - Unauthenticated Two-Factor Authentication Brute-Force via /admin/check Endpoint

phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by...

CVE-2026-45010

CVE-2026-45010 affects phpMyFAQ before 4.1.2. The /admin/check endpoint improperly restricts authentication attempts, accepting arbitrary user-id parameters without session binding or rate limiting. This enables unauthenticated attackers to brute-force any user’s six-digit TOTP code by submitting...

Exploit for CVE-2026-8181

EN: Controlled PoC and brief technical notes for authorized secu...

EUVD-2026-30518

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2026-7046

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2026-4094

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

EUVD-2026-30501

Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine VM to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability...

CVE-2026-0427

Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine VM to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability...

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities were caused by TOCTOU race conditions in the LDAP and OAuth authentication processes, which could allow...

WordPress plugin NEX-Forms – Ultimate Forms Plugin SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Open WebUI 安全漏洞

Open WebUI is an open-source, scalable, feature-rich, and user-friendly self-hosted WebUI. Versions of Open WebUI prior to 0.6.19 contained security vulnerabilities. These vulnerabilities stemmed from inconsistent authorization controls in the memory API, allowing standard users to delete, restor...

PT-2026-41357

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.2 Description An improper restriction of excessive authentication attempts exists in the "/admin/check" endpoint. This endpoint accepts arbitrary user-id parameters without session binding or rate limiting...

Information Exposure

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Information Exposure via the api/models endpoint. An attacker can access sensitive system prompt information by sending authenticated requests as a non-admin user. Remediation Upgrade open-webui to version...

Open WebUI Exposes System Prompt to Regular User [Non-Admin]

Summary A regular user non-admin can view the system prompt of the model which is set by an admin. Details When a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of available...

GestioIP 3.5.7 Remote Command Execution

This module exploits a command execution via file upload. If GestioIP is configured to use no authentication for admin account, no password is required to exploit the vulnerability. Otherwise, an authenticated user with admin right on the web site is required to exploit. Module Options msf use...

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182 , carries a CVSS score of 10.0. "A vulnerability in the peering authentication in Cisc...