GHSA-7R82-QHG4-6WVJ Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite

Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite Affected Component Retrieval web/YouTube processing endpoints: - backend/openwebui/routers/retrieval.py lines 1810-1837, processweb - backend/openwebui/routers/retrieval.py the parallel processyoutube endpoint -...

BlueCMS 安全漏洞

BlueCMS is a content management system CMS based on PHP and MySQL. A security vulnerability exists in BlueCMS version 1.6, which originates from arbitrary file deletion via the filename parameter in the /admin/database.php?act=del request...

phpyun多漏洞组合写shell(有条件限制)

简要描述： phpyun多漏洞组合写shell有条件限制 详细说明： 1. Phpyun的后台基本都有token。 之所以说基本，是因为还漏掉了一个关键的地方。 Phpyun的管理员帐号密码都在phpyunadminuser表中。 用上面的方法进行备份，是没有token的 限制条件 http://wooyun.org/bugs/wooyun-2014-064004 感谢u神 然后如下。 2. 好的，再来说如果实现上面这个get的问题。 我们注册一个企业用户。 然后在添加一个表情，然后修改图片属性，地址。...

CVE-2004-1828

CVE-2004-1828 affects Vcard 2.9 (and possibly other versions). The flaw is that uninstall.php does not require authorization, enabling remote attackers to trigger uninstall and delete database tables via a direct request. The NVD entry lists a base score of 5.0 (Medium) with network access, low a...