CVE-2026-44563 Open WebUI: Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the...

CVE-2026-34569

CI4MS is a CodeIgniter 4–based CMS skeleton. Prior to version 0.31.0.0, it fails to sanitize input when creating/editing blog categories, allowing stored XSS via the category title that is rendered unsafely across public blog/category pages and admin views. The issue is fixed in 0.31.0.0. The CVS...

CVE-2024-57777

Directory Traversal vulnerability in Ianproxy v.0.1 and before allows a remote attacker to obtain sensitive information...

UBUNTU-CVE-2013-2126

Multiple double free vulnerabilities in the LibRaw::unpack function in librawcxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service application crash and possibly execute arbitrary code via a malformed full-color 1 Foveon or 2 sRAW image file...