102791 matches found

ATTACKERKB
added 2026/05/15 9:19 p.m. | 9 views

CVE-2026-45301

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all file-related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. This...

CVSS 8.1 | AI score 5.8 | EPSS 0.00273
Exploits: 1 | References: 2 | Affected Software: 1

Fedora
added 2026/05/15 9:9 p.m. | 12 views

[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-17.fc43

naxsi is an nginx module that provides score-based Web Application Firewall (WAF) abilities in a highly granular fashion...

CVSS 9.2 | AI score 6 | EPSS 0.61469
Exploits: 41

Veracode
added 2026/05/15 9:9 p.m. | 13 views

Blind SQL Injection

Zabbix is vulnerable to blind SQL injection. The vulnerability is due to improper sanitization of the sortfield parameter in include/classes/api/CApiService.php, which allows a low-privileged user with API access to execute arbitrary SQL select queries and exfiltrate database data through...

CVSS 8.7 | AI score 6.2 | EPSS 0.0024
Exploits: 0 | References: 3 | Affected Software: 1

Fedora
added 2026/05/15 8:58 p.m. | 11 views

[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-17.fc44

naxsi is an nginx module that provides score-based Web Application Firewall (WAF) abilities in a highly granular fashion...

CVSS 9.2 | AI score 6 | EPSS 0.61469
Exploits: 41

NVD
added 2026/05/15 8:16 p.m. | 23 views

CVE-2026-45399

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...

CVSS 7.1 | EPSS 0.0027
Exploits: 1 | References: 1

CVE
added 2026/05/15 7:21 p.m. | 37 views

CVE-2026-45339

Open WebUI (self-hosted offline AI platform) has a vulnerability where endpoint access restrictions on API keys could be bypassed by using the x-api-key header, even when the key was restricted from sensitive endpoints like /api/v1/messages. Prior to version 0.9.0, requests with Authorization: Be...

CVSS 6.5 | AI score 5.8 | EPSS 0.00309
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/05/15 7:18 p.m. | 27 views

CVE-2026-45399

Open WebUI CVE-2026-45399 describes a broken authorization gap in multi-user deployments: before release 0.9.0, authenticated, low-privilege users could enumerate and stop global background tasks via GET /api/tasks and POST /api/tasks/stop/{task_id}, impacting integrity and availability across us...

CVSS 7.1 | AI score 5.8 | EPSS 0.0027
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2026/05/15 7:16 p.m. | 11 views

CVE-2021-47963

Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands...

CVSS 7.2 | EPSS 0.00469
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/15 6:36 p.m. | 7 views

CVE-2026-46362

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

CVSS 6.5 | AI score 5.9 | EPSS 0.00303
Exploits: 0 | References: 3

EUVD
added 2026/05/15 6:36 p.m. | 9 views

EUVD-2026-30599

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

CVSS 6.5 | AI score 5.9 | EPSS 0.00303
Exploits: 0 | References: 2

CVE
added 2026/05/15 6:36 p.m. | 14 views

CVE-2021-47967

CVE-2021-47967 affects PHP Timeclock 1.04 with multiple cross-site scripting (XSS) vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can target login.php, timeclock.php, audit.php, and timerpt.php endpoints...

CVSS 6.1 | AI score 5.9 | EPSS 0.00211
Exploits: 0 | References: 4

RedhatCVE
added 2026/05/15 6:4 p.m. | 10 views

CVE-2026-39805

A flaw was found in Bandit, an HTTP server. This vulnerability allows for HTTP request smuggling due to the server's inconsistent handling of duplicate Content-Length headers in HTTP requests. An unauthenticated attacker can exploit this by sending a specially crafted request. If Bandit is...

CVSS 7.4 | AI score 5.8 | EPSS 0.00518
Exploits: 0 | References: 7

NVD
added 2026/05/15 5:16 p.m. | 39 views

CVE-2026-46383

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a...

CVSS 5.5 | EPSS 0.0061
Exploits: 0 | References: 1

CVE
added 2026/05/15 5:5 p.m. | 22 views

CVE-2026-42155

Summary of CVE-2026-42155 (Magento OpenMage LTS): The issue affects OpenMage/magento-lts OpenMage LTS releases via the legacy API session ID generation in Mage_Api_Model_Session::start(), where the session ID is md5(time() . uniqid('', true) . (possibly null sessionName)). This yields very low en...

CVSS 9.3 | AI score 5.9 | EPSS 0.00267
Exploits: 0 | References: 1

NVD
added 2026/05/15 4:16 p.m. | 11 views

CVE-2026-2031

An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to...

CVSS 10 | EPSS 0.00514
Exploits: 0 | References: 1

Cvelist
added 2026/05/15 4:4 p.m. | 49 views

CVE-2026-46383 Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a...

CVSS 5.5 | EPSS 0.0061
Exploits: 0 | References: 1

CVE
added 2026/05/15 3:38 p.m. | 26 views

CVE-2026-2031

The CVE-2026-2031 entry describes an improper access control vulnerability in several internal API endpoints of Google Cloud Application Integration (prior to 2026-01-23). An unauthenticated remote attacker can disclose sensitive internal information and execute arbitrary code by sending speciall...

CVSS 10 | AI score 6 | EPSS 0.00514
Exploits: 0 | References: 1

EUVD
added 2026/05/15 3:38 p.m. | 14 views

EUVD-2026-30552

An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to...

CVSS 10 | AI score 6 | EPSS 0.00514
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/15 3:38 p.m. | 13 views

CVE-2026-2031 Google Cloud Application Integration: Exposed internal APIs allow Information Disclosure and Remote Code Execution.

An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to...

CVSS 10 | AI score 6 | EPSS 0.00514
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/15 3:38 p.m. | 8 views

CVE-2026-2031

An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to...

CVSS 10 | AI score 6 | EPSS 0.00514
Exploits: 0 | References: 2