Lucene search

8 matches found

RedhatCVE
added 2026/05/18 7:58 p.m., 11 views

CVE-2026-44557

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the _validate_collection_access function uses an incomplete allowlist that only enforces ownership checks for collections matching user-memory- and file- patterns. All other collection...

CVSS 4.3, AI score 5.8, EPSS 0.00221
Exploits: 1, References: 1
EUVD
added 2026/05/15 7:44 p.m., 12 views

EUVD-2026-30620

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the _validate_collection_access function uses an incomplete allowlist that only enforces ownership checks for collections matching user-memory- and file- patterns. All other collection...

CVSS 4.3, AI score 5.8, EPSS 0.00221
Exploits: 1, References: 1
ATTACKERKB
added 2026/05/15 7:44 p.m., 7 views

CVE-2026-44557

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the _validate_collection_access function uses an incomplete allowlist that only enforces ownership checks for collections matching user-memory- and file- patterns. All other collection...

CVSS 4.3, AI score 5.8, EPSS 0.00221
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2026/05/15 7:44 p.m., 16 views

CVE-2026-44557

Open WebUI before v0.9.0 is vulnerable to global knowledge-base enumeration through the retrieval query endpoints. The _validate_collection_access function uses an incomplete allowlist that only enforces ownership for collections starting with user-memory- or file-, allowing any authenticated use...

CVSS 4.3, AI score 5.8, EPSS 0.00221
Exploits: 1, References: 1, Affected Software: 1
RedhatCVE
added 2025/09/14 4:25 p.m., 4 views

CVE-2025-39797

In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling. The issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI Netlink message, which triggers the kernel function xfrm_alloc_spi. This function is expected to ensure uniqueness of the Security...

AI score 6.1, EPSS 0.00147
Exploits: 0, References: 1
Code423n4
added 2022/03/09 12:0 a.m., 14 views

[WP-H4] anchor_basset_reward pending yields can be stolen

Lines of code. Vulnerability details: For yield farming aggregators, if the pending yield on an underlying strategy can be harvested and cause a surge of rewards to all existing investors, especially if the harvest can be triggered permissionlessly, then the attacker can amplify the attack using a...

AI score 6.7
Exploits: 0
Code423n4
added 2022/03/09 12:0 a.m., 10 views

bEth Rewards May Be Depleted By Flashloans or Whales

Lines of code. Vulnerability details. Impact: Rewards are dispersed to users as a percentage of the user's balance vs total balance of bEth. Rewards are accumulated each time a user calls execute_decrease_balance, execute_increase_balance or execute_claim_rewards, as these functions will in turn call...

AI score 6.7
Exploits: 0
Code423n4
added 2022/03/08 12:0 a.m., 14 views

Rewards can be stolen from contract

Lines of code. Vulnerability details: It was observed that execute_claim_rewards/execute_decrease_balance/execute_increase_balance do not update the global index before calculating user rewards in the anchor_basset_reward contract. This can lead to serious consequences: 1. execute_increase_balance functio...

AI score 6.8
Exploits: 0