Lucene search
K

222 matches found

EUVD
EUVD
added 3 days ago9 views

EUVD-2026-41129

API Platform Core vulnerable to cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate...

5.9CVSS6.1AI score0.00197EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-59213

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

5CVSS0.00273EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-59213

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

3.5CVSS6AI score0.00273EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42629

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

3.5CVSS6AI score0.00273EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/07/06 5:32 a.m.6 views

undici: Undici: Information disclosure due to improper cache-control header parsing

A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...

5.9CVSS5.9AI score0.00374EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/05 12:28 p.m.8 views

Authorization Bypass Through User-Controlled Key

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a key collision in the defaultcachekey and freeze functions of langgraph/internal/cache.py, where freeze reduce...

4.2CVSS6AI score0.0016EPSS
Exploits0References2
NVD
NVD
added 2026/07/05 11:16 a.m.10 views

CVE-2026-14738

A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function imagecachekey of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high...

6.3CVSS0.00208EPSS
Exploits0References7
NVD
NVD
added 2026/07/05 11:16 a.m.10 views

CVE-2026-14742

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS0.0016EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/05 10:45 a.m.40 views

CVE-2026-14742 langchain-ai langgraph Task Result Cache _cache.py _freeze weak hash

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS0.0016EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 10:45 a.m.13 views

CVE-2026-14742

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS5AI score0.0016EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/07/05 10:45 a.m.8 views

EUVD-2026-41747

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS5AI score0.0016EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/05 10:15 a.m.29 views

CVE-2026-14738 exo-explore exo Vision Feature Cache vision.py _image_cache_key weak hash

A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function imagecachekey of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high...

6.3CVSS0.00208EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 10:15 a.m.7 views

CVE-2026-14738

A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function imagecachekey of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high...

6.3CVSS5.2AI score0.00208EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/07/05 10:15 a.m.13 views

CVE-2026-14738

Technical details are not publicly available in the provided documents; monitor for updates.

6.3CVSS5.2AI score0.00208EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.11 views

PT-2026-55786

Name of the Vulnerable Software and Affected Versions exo-explore exo versions prior to 1.0.72 Description A security flaw exists in the Vision Feature Cache component within the image cache key function of the src/exo/worker/engines/mlx/vision.py file. The issue involves the use of a weak hash,...

6.3CVSS5.8AI score0.00208EPSS
Exploits0References11
NVD
NVD
added 2026/07/01 8:17 p.m.4 views

CVE-2026-49858

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item normalizers causes a cross-user attribute leak. ApiPropertysecurity: ... is evaluated per request...

5.9CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:24 p.m.25 views

CVE-2026-49858

API Platform Core contains a cross-user attribute leak in JSON:API and HAL item normalizers due to a missing isCacheKeySafe gate. Affected versions: 2.6.0 up to 4.1.28, 4.2.25, and 4.3.11 (i.e., before 4.1.29, 4.2.26, 4.3.12). Root cause: componentsCache arrays are keyed on $context['cache_key'] ...

5.9CVSS5.7AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 7:24 p.m.36 views

CVE-2026-49858 API Platform Core: Cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item normalizers causes a cross-user attribute leak. ApiPropertysecurity: ... is evaluated per request...

5.9CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-390 LiteLLM: Authentication bypass via OIDC userinfo cache key collision

Impact When JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. A...

9.4CVSS5.8AI score0.0049EPSS
Exploits1References5
CVE
CVE
added 2026/06/29 6:0 a.m.9 views

CVE-2026-10083

The CVE concerns the APCu Manager WordPress plugin prior to version 4.5.0. The root cause is that APCu object-cache keys are not escaped before rendering in an admin page, enabling a Stored XSS when a persistent object cache is used. Cache keys derived from unsanitised user input (e.g., a transie...

7.5CVSS6AI score0.00204EPSS
Exploits0References1
Rows per page
Query Builder