CVE-2026-54012

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the...

CVE-2026-44206 Frappe: DB Schema Enumeration via Frappe-Authorization-Source

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.107.2 and 16.17.4...

CVE-2026-44206

Frappe (full-stack web application framework) contains CVE-2026-44206, where DB Schema Enumeration is possible via a vulnerable endpoint prior to versions 15.107.2 and 16.17.4. The issue has been patched in those versions. The CVSS 4.0 base score is 6.9 (MEDIUM) with network attack vector, low co...

Unsafe implementation of fundLoan() allows attacker to steal collateral from an unfunded loan

Handle WatchPug Vulnerability details uint256 treasuryFee = fundsLent ILenderLikelender.treasuryFee paymentInterval paymentsRemaining / uint256365 days 10000; // Transfer delegate fee, if any, to the pool delegate, and decrement drawable funds. uint256 delegateFee = fundsLent...