9 matches found
CVE-2026-54011 Open WebUI: Stored XSS in Mermaid Markdown Preview
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...
Open WebUI has Stored Cross-Site Scripting In Profile Picture
Summary The profileimageurl field on the user profile update form accepted arbitrary data: URI values without MIME-type validation. Two distinct attack paths were independently demonstrated by separate reporters: 1. data:text/html;base64,... in a new browser tab raresvis, 2025-04-17 — when a vict...
CVE-2026-34161
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting XSS vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...
CVE-2026-28274 Initiative Vulnerable to Token Theft via Stored XSS in Document Uploads
Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting XSS in the document upload functionality. Any user with upload permissions within the "Initiatives" section can upload a malicious .html or .htm file ...
Apple macOS 安全漏洞
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS that originates from an application that may corrupt coprocessor memory...
Apple macOS 安全漏洞
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS that originates from an application that may corrupt coprocessor memory...
Apple macOS 安全漏洞
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS version 15, which originates from an application that may be able to bypass certain privacy preferences...
Apple macOS 安全漏洞
Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS version 13.7, which originates from an application that may be able to bypass privacy preferences...
Apple macOS Ventura Security Vulnerability
Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13, which originates from an application that may be able to execute arbitrary code using kernel privileges...