Lucene search
K

1355 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/21 7:29 p.m.6 views

CVE-2026-4843

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in ofono

A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug was triggered within the decodesubmitreport function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through...

8.1CVSS7.1AI score0.01149EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in libonig

A issue was discovered in Oniguruma 6.x before 6.9.4rc2. In the function fetchintervalquantifier formerly known as fetchrangequantifier in regparse.c, PFETCH is called without checking PEND. This leads to a buffer overflow issue based on the heap mechanism...

7.5CVSS6.9AI score0.06889EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in ofono

A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug was triggered within the decodedeliverreport function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through...

8.1CVSS7.2AI score0.00936EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in ofono

A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug occurs within the decodedeliver function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through SMS. There i...

8.1CVSS7.1AI score0.0124EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/05/20 12:0 a.m.13 views

CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS6AI score0.0078EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/19 4:43 a.m.7 views

CVE-2026-32994

The /api/v1/autotranslate.translateMessage endpoint in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allows any authenticated user to retrieve the full content of any message from any room private groups, direct messages, channels by simply providing the target message ID...

5.3CVSS6.1AI score0.00252EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 1:30 p.m.7 views

GHSA-VPFX-PXQW-2W79 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`

CVE-2026-43881 fix d9cdc7024 patched users.json.php only. The same anti-pattern survives at master HEAD in: objects/mention.json.php:17 $ignoreAdmin = true; objects/mention.json.php:18 $users = User::getAllUsers$ignoreAdmin, 'name', 'email', 'user', 'channelName', 'a'; No User::loginCheck, no adm...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References4
NVD
NVD
added 2026/05/18 7:16 a.m.21 views

CVE-2026-1631

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.4CVSS0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/18 6:0 a.m.48 views

CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.15 views

PT-2026-41804

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A stack overflow can occur during the fx operation when a crafted argument is passed, resulting from a missing depth check. Recommendations At the moment, there ...

7.8CVSS5.8AI score0.00495EPSS
Exploits0References112
Cvelist
Cvelist
added 2026/05/15 7:49 p.m.59 views

CVE-2026-44554 Open WebUI: Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collectionname and an overwrite query parameter default: True. It performs no authorization check on whether t...

8.1CVSS0.00295EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/15 7:41 p.m.13 views

CVE-2026-44559 Open WebUI: Missing Access Check on Channel Members Endpoint for Standard Channels

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/id/members endpoint only checks membership for group and dm channel types lines 467-469. For standard channels — including private ones — there is no...

4.3CVSS5.8AI score0.00221EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/15 7:28 p.m.9 views

CVE-2026-44563 Open WebUI: Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the...

5.4CVSS5.8AI score0.00238EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/15 3:16 p.m.10 views

CVE-2026-8669

Imager versions through 1.030 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The page-match...

6.5CVSS5.8AI score0.00321EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/15 1:31 p.m.8 views

CVE-2026-8669

Imager versions through 1.030 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The page-match...

6.5CVSS5.9AI score0.00321EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/15 10:57 a.m.10 views

EUVD-2026-30535

Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The...

5.3CVSS5.9AI score0.00193EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/14 8:15 p.m.11 views

Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file

Summary A missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. Details All files/ related endpoints lack permission checks. Listing all files For example, let's see how file listing ...

8.1CVSS5.8AI score0.00273EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.27 views

PT-2026-41187

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An Insecure Direct Object Reference IDOR exists in the Channels feature, which allows any member of a channel to modify messages sent by other members, including administrators. In the update...

4.3CVSS5.8AI score0.00204EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.18 views

PT-2026-41201

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description An authorization bypass allows any authenticated user to permanently delete files owned by other users. This occurs when a target file is referenced in any shared chat, as the has access to file...

8CVSS5.8AI score0.0027EPSS
Exploits1References10
Rows per page
Query Builder