
9 matches found

CVE
added yesterday, 13 views

CVE-2026-54012

CVE-2026-54012 pertains to Open WebUI. Before version 0.9.6, a user with model-creation/update/import rights could attach forged meta.knowledge entries of type file to their model. The system then trusts these entries as authorization sources, enabling a cross-user read and deletion of private fi...

CVSS 7.1, AI score 6, EPSS 0.00031
Exploits: 0, References: 1
CVE
added yesterday, 16 views

CVE-2026-54016

CVE-2026-54016: Open WebUI (self-hosted offline AI platform) suffers a Broken Object Level Authorization in the builtin search_knowledge_files tool. When native function calling is enabled and a model has no attached knowledge bases, an authenticated user can supply an arbitrary knowledge_id and...

CVSS 4.3, AI score 6, EPSS 0.00022
Exploits: 0, References: 1
OSV
added 2025/02/11 11:15 a.m., 3 views

CVE-2025-24956

A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...

CVSS 9.8, AI score 6
Exploits: 0, References: 1
AlpineLinux
added 2025/02/11 10:29 a.m., 1 views

CVE-2025-24956

A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...

CVSS 9.8, AI score 7.5, EPSS 0.00369
Exploits: 0, References: 1
ATTACKERKB
added 2022/01/06 4:15 a.m., 2 views

CVE-2021-46141

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner...

CVSS 5.5, AI score 5.9, EPSS 0.01131
Exploits: 1, References: 10
OSV
added 2022/01/06 4:15 a.m., 1 views

DEBIAN-CVE-2021-46142

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax...

CVSS 5.5, AI score 5.5, EPSS 0.01095
Exploits: 1, References: 1
OSV
added 2021/12/16 7:15 p.m., 1 views

UBUNTU-CVE-2021-41262

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known...

CVSS 8.8, AI score 7.4, EPSS 0.01051
Exploits: 0, References: 4
OSV
added 2021/12/16 6:15 p.m., 1 views

UBUNTU-CVE-2021-41260

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue...

CVSS 8.8, AI score 7.3, EPSS 0.00434
Exploits: 0, References: 4
NVD
added 2006/07/21 2:3 p.m., 21 views

CVE-2006-3695

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via...

CVSS 6.8, AI score 6.2, EPSS 0.01864
Exploits: 0, References: 9