CVE-2026-45672 Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is...

CVE-2025-8775

The CVE-2025-8775 affects Qiyuesuo Eelectronic Signature Platform versions up to 4.34. The vulnerability is in the execute function of /api/code/upload within the Scheduled Task Handler; manipulating the File argument enables unrestricted file uploads and could be exploited remotely. The exploit ...

CVE-2024-0196

A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed ...

VulnCheck KEV: CVE-2025-4428

Ivanti Endpoint Manager Mobile EPMM contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source...

PT-2025-9696 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZCMS version 2025 Description: A problematic issue has been found in the URL Handler component, specifically affecting the /3/ucenter api/code/register nodb.php file. The manipulation of the $ SERVER'PHP SELF' argument leads to cross-site...

CVE-2024-23813

A vulnerability has been identified in Polarion ALM All versions V2404.0. The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code...

Malicious code in api-code-capture-chrome-extension (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f1e44f89c4e3876559f46852c9a652c510df9384be3ffd0180e36f9fd64e8cfe The OpenSSF Package Analysis project identified 'api-code-capture-chrome-extension' @ 20.0.1 npm as malicious. It is considered malicious becaus...

Vulnerability fixed in Atlassian Bitbucket

Atlassian has fixed a vulnerability in Bitbucket Server and Data Center. A malicious party could exploit the vulnerability to execute arbitrary code via API calls with permissions from the application. To exploit, the malicious party only needs access to a public repository, or if it is a private...

NVIDIA GPU was traced to vulnerabilities, you can view the porn browsing history-bug warning-the black bar safety net

! Chrome's incognito mode in some specific cases not necessarily be able to protect individual privacy, recently a gamer the exposure of the Nvidia GPU of the previous vulnerability, the use of the vulnerability can view Chrome incognito mode to browse porn sites picture. Evan Andersen once loade...

PT-2014-1088 · Google +1 · Google V8 +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 34.0.1847.131 on Windows and OS X Google Chrome versions prior to 34.0.1847.132 on Linux Description: The issue is related to an integer overflow in the api.cc file of Google V8, used in Google Chrome. This...