CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

65 matches found

ATTACKERKB•added 2026/05/15 8:37 p.m.•6 views

CVE-2026-45401

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync requests, async...

8.5CVSS5.8AI score0.00235EPSS

Exploits1References2Affected Software1

CVE•added 2026/04/08 7:24 p.m.•7 views

CVE-2026-35478

CVE-2026-35478 affects InvenTree Open Source Inventory Management System (versions 0.16.0 through before 1.2.7). The issue allows any authenticated InvenTree user to create a valid API token for any other user (including admins) by supplying the target user’s ID in the POST /api/user/tokens/ requ...

8.3CVSS6AI score0.00303EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/09 9:9 a.m.•5 views

CVE-2019-20731

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120...

6.7CVSS7.3AI score0.00371EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:9 a.m.•7 views

CVE-2019-20740

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R7300 before 1.0.0.70, R8300 before 1.0.2.130, and R8500 before 1.0.2.130...

6.8CVSS7.2AI score0.00443EPSS

Exploits0References1

OSV•added 2025/10/09 9:15 p.m.•3 views

CVE-2025-35053

Newforma Info Exchange NIX accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that allow an authenticated user to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges. In Newforma before 2023.1, anonymous access is enabl...

6.4CVSS5.9AI score0.0037EPSS

Exploits0References3