4 matches found
CVE-2026-59213
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...
DoS (Denial of Service) io.netty:netty-codec Dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows a...
DoS (Denial of Service) glob-parent Dependency in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, and 11.2.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector o...
CVE-2026-25537 jsonwebtoken has Type Confusion that leads to potential authorization bypass
jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...