771 matches found
CVE-2026-8314
CVE-2026-8314 affects Rockwell Automation Arena Simulation’s siman.exe component. The issue is a memory corruption/out-of-bounds write caused by inadequate validation of user-supplied data, enabling code execution in the user’s context when a malicious file is opened. The CVSS v4.0 score is 7.0 (...
CVE-2026-8313
The provided data describes CVE-2026-8313 affecting Arena® Simulation, specifically a memory corruption vulnerability in the linker.exe (Siman) component. The issue arises from improper validation of user-supplied data, leading to an out-of-bounds write. An attacker could potentially execute arbi...
CVE-2026-8312
The CVE-2026-8312 entry concerns Arena® Simulation’s expmt.exe (Siman) component. It describes a memory corruption vulnerability caused by improper validation of user-supplied data, leading to an out-of-bounds write. The documented impact is arbitrary code execution in the context of the current ...
CVE-2026-8085
The CVE concerns Arena® Simulation, specifically memory corruption in the model.exe (Siman) component caused by improper validation of user-supplied data, leading to an out-of-bounds write. Exploitation could allow arbitrary code execution in the context of the current process when a user opens a...
CVE-2026-59225
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...
CVE-2026-59225 Open WebUI: Arena task endpoints can bypass underlying model access controls
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...
CVE-2026-59225
Open WebUI vulnerability CVE-2026-59225 affects versions 0.8.12 up to before 0.10.0. An authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model via task endpoints like /api/v1/tasks/moa/completions. The normal chat flow re-checks submodel ac...
CVE-2026-59225 Open WebUI: Arena task endpoints can bypass underlying model access controls
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...
EUVD-2026-42639
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...
PT-2026-56888
Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.8.12 through 0.9.x Description An authenticated non-admin user with read access to an arena wrapper model can access a restricted underlying model. This occurs because task endpoints, such as...
Linux Distros Unpatched Vulnerability : CVE-2026-53031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds...
CVE-2026-53031
A flaw was found in the Linux kernel. The arenaallocpages function within the Berkeley Packet Filter BPF subsystem does not properly validate the nodeid parameter. A local attacker could exploit this vulnerability by supplying an invalid nodeid, which is then used without bounds checking during...
EUVD-2026-38899
In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...
CVE-2026-53031
In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...
CVE-2026-53031 bpf: Validate node_id in arena_alloc_pages()
In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...
CVE-2026-53031
The CVE-2026-53031 issue affects the Linux kernel BPF unit: arena_alloc_pages() accepts a plain int node_id and forwards it through the allocation chain without bounds checks. A fix validates node_id before passing it down, mitigating potential memory corruption that could lead to DoS or instabil...
CVE-2026-53031 bpf: Validate node_id in arena_alloc_pages()
In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...
PT-2026-51925
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF Berkeley Packet Filter subsystem where the arena alloc pages function accepts an integer node id and forwards it through the allocation chain without performin...
CVE-2026-6608
A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...
CVE-2026-48040
The CVE-2026-48040 entry concerns netty-incubator-codec.bhttp prior to 0.0.22.Final, where a fallback path for direct ByteBufs is taken when Unsafe is unavailable. Under these conditions, an unauthenticated network attacker can trigger cryptographic operations via crafted OHTTP requests, causing ...