Lucene search
K

2888 matches found

Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-59227 Open WebUI: POST /api/v1/images/edit bypasses the global image-edit switch and the per-user image-generation permission

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.11 before 0.10.0, POST /api/v1/images/edit required only a verified account and did not enforce the global image-edit switch or the per-user image-generation permission, allowing a non-admin user to...

4.3CVSS0.00259EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59227

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.11 before 0.10.0, POST /api/v1/images/edit required only a verified account and did not enforce the global image-edit switch or the per-user image-generation permission, allowing a non-admin user to...

4.3CVSS6AI score0.00259EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56831

Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.8.11 through 0.9.x Description An issue exists where the 'POST /api/v1/images/edit' endpoint only requires a verified account and fails to enforce the global image-edit switch or per-user image-generation permissions. Thi...

5.4CVSS6.1AI score0.00259EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:32 p.m.8 views

CVE-2026-48947

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/07 5:32 p.m.7 views

EUVD-2026-42069

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/07 5:32 p.m.33 views

CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 4:51 p.m.11 views

EUVD-2026-22188

Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality...

4.3CVSS5.9AI score0.00227EPSS
Exploits1References2
OSV
OSV
added 2026/07/07 4:51 p.m.7 views

GHSA-VJM7-M4XH-7WRC Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages

Summary Manually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts and allow-same-origin set, ignoring the "iframe Sandbox Allow Same Origin" configuration. This enables stored XSS o...

7.3CVSS6.2AI score0.00198EPSS
Exploits1References4
Fedora
Fedora
added 2026/07/07 12:51 a.m.8 views

[SECURITY] Fedora 44 Update: perl-Imager-1.032-1.fc44

Imager is a module for creating and altering images. It can read and write various image formats, draw primitive shapes like lines,and polygons, blend multiple images together in various ways, scale, crop, render text and more...

7.5CVSS5.9AI score0.00375EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.6 views

PT-2026-56220

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check in the com media webservice endpoints allows privileged users to overwrite media files even if they lack the necessary editing permissions. Recommendations At th...

6.4CVSS6.1AI score0.00197EPSS
Exploits0References6
Fedora
Fedora
added 2026/07/05 12:52 a.m.11 views

[SECURITY] Fedora 43 Update: nextcloud-33.0.6-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

8.7CVSS7.1AI score0.01041EPSS
Exploits8
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.5 views

CVE-2026-26231

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...

8.5CVSS5.9AI score0.00291EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 9:16 p.m.8 views

CVE-2026-38972

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...

7.8CVSS0.00149EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/07/01 7:3 p.m.6 views

CVE-2026-55597

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26...

5.5CVSS5.9AI score0.00103EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/07/01 6:58 p.m.6 views

CVE-2026-55594

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and...

5.3CVSS5.8AI score0.00241EPSS
Exploits0
NVD
NVD
added 2026/07/01 3:17 p.m.9 views

CVE-2026-5135

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS0.00242EPSS
Exploits0References6
Fedora
Fedora
added 2026/07/01 1:22 a.m.8 views

[SECURITY] Fedora 43 Update: python-jupytext-1.19.4-1.fc43

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...

7.5CVSS5.7AI score0.00782EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/06/29 10:56 p.m.7 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.8AI score0.00321EPSS
Exploits11References6
RedHat Linux
RedHat Linux
added 2026/06/29 7:55 p.m.5 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS6.1AI score0.00321EPSS
Exploits11References6
RedHat Linux
RedHat Linux
added 2026/06/29 7:54 p.m.5 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS6.1AI score0.00321EPSS
Exploits11References6
Rows per page
Query Builder