
8672 matches found

NVD
added 2026/05/15 3:16 a.m., 17 views

CVE-2023-31309

Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...

CVSS 6.8, EPSS 0.00112
Exploits 0, References 1

EUVD
added 2026/05/15 2:48 a.m., 31 views

EUVD-2023-35620

Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...

CVSS 6.8, AI score 5.8, EPSS 0.00112
Exploits 0, References 1

CVE
added 2026/05/15 2:48 a.m., 18 views

CVE-2023-31309

CVE-2023-31309 describes an improper validation vulnerability in AMD's Power Management Firmware (PMFW). The issue allows a user with privileges to pass malformed workload arguments when exporting table data from the System Management Unit (SMU) to DRAM, potentially causing loss of confidentialit...

CVSS 6.8, AI score 5.8, EPSS 0.00112
Exploits 0, References 1

ATTACKERKB
added 2026/05/15 2:48 a.m., 13 views

CVE-2023-31309

Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...

CVSS 6.8, AI score 5.8, EPSS 0.00112
Exploits 0, References 2

Cvelist
added 2026/05/15 2:48 a.m., 64 views

CVE-2023-31309

Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...

CVSS 6.8, EPSS 0.00112
Exploits 0, References 1

CNNVD
added 2026/05/15 12:0 a.m., 9 views

AMD Radeon input validation error vulnerability

AMD Radeon is a set of device driver and utility software developed by American semiconductor company AMD, used for Advanced Micro Devices graphics cards and GPUs. AMD Radeon has a vulnerability related to input validation. This vulnerability arises from improper validation, which may allow...

CVSS 6.8, AI score 5.8, EPSS 0.00112
Exploits 0, References 1

CNNVD
added 2026/05/15 12:0 a.m., 9 views

magento-lts security vulnerability

Magento LTS is an open-source alternative to OpenMage, and it’s a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities; these vulnerabilities stemmed from reflection-type cross-site scripting vulnerabilities in the data...

CVSS 5.3, AI score 5.7, EPSS 0.00258
Exploits 0, References 1

Positive Technologies
added 2026/05/15 12:0 a.m., 14 views

PT-2026-41296

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed...

CVSS 10, AI score 6, EPSS 0.00648
Exploits 0, References 3

CNNVD
added 2026/05/15 12:0 a.m., 8 views

DHTMLX Diagram path traversal vulnerability

DHTMLX Diagram is a JavaScript chart component developed by DHTMLX Corporation that supports interactive organizational charts, flowcharts, mind maps, and other chart types. Versions of DHTMLX Diagram prior to 1.1.1 had a path traversal vulnerability. This vulnerability stemmed from path traversa...

CVSS 9.2, AI score 5.8, EPSS 0.00397
Exploits 0, References 1

CNNVD
added 2026/05/15 12:0 a.m., 9 views

Open WebUI code issue vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.5.11 have code vulnerabilities. These vulnerabilities stem from the PDF export feature, where user input is interpreted as HTML and embedded in PDFs. Additionally,...

CVSS 5.4, AI score 5.9, EPSS 0.00186
Exploits 1, References 2

Positive Technologies
added 2026/05/15 12:0 a.m., 8 views

PT-2026-41295

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF...

CVSS 9.2, AI score 5.8, EPSS 0.00497
Exploits 0, References 3

Positive Technologies
added 2026/05/15 12:0 a.m., 9 views

PT-2026-41239

Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...

CVSS 6.8, AI score 5.8, EPSS 0.00112
Exploits 0, References 2

Positive Technologies
added 2026/05/15 12:0 a.m., 7 views

PT-2026-41297

Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated pdf. This issue was fixed in version 1.1.1...

CVSS 9.2, AI score 5.8, EPSS 0.00397
Exploits 0, References 4

Snyk
added 2026/05/14 9:23 p.m., 4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the export process. An attacker can write files to arbitrary locations on the filesystem by uploading an asset with a crafted filename containing directory traversal sequences and then triggering an administrator...

CVSS 8.6, AI score 6.3, EPSS 0.00495
Exploits 0, References 2

Snyk
added 2026/05/14 9:23 p.m., 6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the export process. An attacker can write files to arbitrary locations on the filesystem by uploading an asset with a crafted filename containing directory traversal sequences and then triggering an administrator...

CVSS 8.6, AI score 6.3, EPSS 0.00495
Exploits 0, References 2

OSV
added 2026/05/14 8:22 p.m., 8 views

GHSA-F776-FP4W-266C Open WebUI vulnerable to blind server side request forgery (SSRF) via the PDF generate function

Summary Blind server side request forgery SSRF via the PDF generate function. The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here. Tested on Ope...

CVSS 4.3, AI score 5.9, EPSS 0.00186
Exploits 1, References 5

Github Security Blog
added 2026/05/14 8:22 p.m., 8 views

Open WebUI vulnerable to blind server side request forgery (SSRF) via the PDF generate function

Summary Blind server side request forgery SSRF via the PDF generate function. The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here. Tested on Ope...

CVSS 5.4, AI score 5.9, EPSS 0.00186
Exploits 1, References 5, Affected Software 1

Snyk
added 2026/05/14 8:22 p.m., 7 views

Server-side Request Forgery (SSRF)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the pdf generate process. An attacker can cause the server to initiate arbitrary outbound HTTP requests by injecting crafted HTML, such as an tag, into user-controllable...

CVSS 5.4, AI score 5.9, EPSS 0.00186
Exploits 1, References 2

NVD
added 2026/05/14 7:16 p.m., 31 views

CVE-2026-44522

Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/noteID/assets, where the asset filename is provided through the X-Name HTTP request header. This value is stored...

CVSS 8.6, EPSS 0.00495
Exploits 0, References 1

Vulnrichment
added 2026/05/14 6:44 p.m., 8 views

CVE-2026-44522 Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leading to Remote Code Execution

Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/noteID/assets, where the asset filename is provided through the X-Name HTTP request header. This value is stored...

CVSS 8.6, AI score 6, EPSS 0.00495
Exploits 0, References 1