Lucene search
K

1257 matches found

EUVD
EUVD
added 2026/05/15 7:30 p.m.23 views

EUVD-2026-30613

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.modelsimport permission to overwrite any existing model in the database, regardless of ownership. When an...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.8 views

Fedora 42 : xen (2026-0c9aff64a5)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0c9aff64a5 advisory. oxenstored keeps quota related use counts across domain destruction XSA-483, CVE-2026-23556 Xenstored DoS via XSRESETWATCHES command XSA-484,...

9.4CVSS5.9AI score0.00191EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/13 1:36 a.m.12 views

Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect

Summary An unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the openid scope. Details...

6.1CVSS5.7AI score0.00203EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/05/13 1:36 a.m.8 views

GHSA-R95X-QFJJ-FJJ2 Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect

Summary An unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the openid scope. Details...

6.1CVSS5.7AI score0.00203EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.14 views

PT-2026-40589

Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.12 Authlib versions prior to 1.7.1 Description An unauthenticated open redirect exists in the authorization endpoint of the OpenIDImplicitGrant and OpenIDHybridGrant components. A remote attacker can cause the...

6.1CVSS5.8AI score0.00203EPSS
Exploits1References188
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

cPanel 安全漏洞

cPanel is a web-based automated hosting platform developed by the cPanel company in the United States. This platform is primarily used for automating the management of websites and servers. cPanel has security vulnerabilities, which stem from improper permission authorization checks by team...

7.1CVSS5.8AI score0.00227EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017434)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017434 advisory. A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ Ticket Granting Server - Request. An authenticated user could...

6.5CVSS6.4AI score0.02025EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.13 views

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2026:1743-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1743-1 advisory. - Update to Xen 4.20.3 bug fix release bsc1027519 jscPED-8907. - CVE-2025-54505: Floating Point Divider State...

7.8CVSS5.8AI score0.00191EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2026/05/08 7:52 p.m.9 views

Open WebUI's Model Import Overwrites Any Model Without Ownership Check

Model Import Overwrites Any Model Without Ownership Check Affected Component Model import endpoint: - backend/openwebui/routers/models.py lines 254-308, importmodels Affected Versions Current main branch commit 6fdd19bf1 and likely all versions with model import functionality. Description The POS...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/05/07 7:15 a.m.4 views

SUSE-SU-2026:1743-1 Security update for xen

This update for xen fixes the following issues: - Update to Xen 4.20.3 bug fix release bsc1027519 jscPED-8907. - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. - CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. - CVE-2026-23558: grant...

7.8CVSS5.8AI score0.00191EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2026/05/07 7:15 a.m.6 views

Security update for xen

This update for xen fixes the following issues: Update to Xen 4.20.3 bug fix release bsc1027519 jscPED-8907. CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. CVE-2026-23558: grant table v...

7.8CVSS5.8AI score0.00191EPSS
Exploits0References16
GithubExploit
GithubExploit
added 2026/05/06 10:28 a.m.135 views

Exploit for Heap-based Buffer Overflow in Mariadb

CVE-2026-32710 Heap buffer overflow in MariaDB JSONSCHEMA...

9.9CVSS6.1AI score0.00856EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/05/05 5:58 p.m.10 views

Codechecker has an authentication bypass for certain API calls

Summary Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. Details The following functions are affected under the Authentication endpoint: getAuthorisedNames,...

10CVSS6AI score0.00447EPSS
Exploits0References3Affected Software1
SUSE Linux
SUSE Linux
added 2026/05/05 8:3 a.m.11 views

Security update for xen

This update for xen fixes the following issues: CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. CVE-2026-23558: grant table v2 race in status page mapping bsc1262180. Special Instruction...

7.8CVSS5.8AI score0.00191EPSS
Exploits0References12
OSV
OSV
added 2026/05/05 8:3 a.m.4 views

SUSE-SU-2026:1692-1 Security update for xen

This update for xen fixes the following issues: - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. - CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. - CVE-2026-23558: grant table v2 race in status page mapping bsc1262180...

7.8CVSS5.8AI score0.00191EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.6 views

Fedora 44 : xen (2026-883e88db68)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-883e88db68 advisory. oxenstored keeps quota related use counts across domain destruction XSA-483, CVE-2026-23556 Xenstored DoS via XSRESETWATCHES command XSA-484,...

9.4CVSS5.9AI score0.00191EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.6 views

SUSE SLES15 Security Update : xen (SUSE-SU-2026:1657-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1657-1 advisory. - CVE-2025-54505: floating point divider state sampling on AMD CPUs AMD-SN-7053 bsc1262428. - CVE-2026-23557: Xenstored DoS via...

7.8CVSS5.8AI score0.00191EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.5 views

Fedora 43 : xen (2026-78cd69d9ae)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-78cd69d9ae advisory. oxenstored keeps quota related use counts across domain destruction XSA-483, CVE-2026-23556 Xenstored DoS via XSRESETWATCHES command XSA-484,...

9.4CVSS5.9AI score0.00191EPSS
Exploits0References5
OSV
OSV
added 2026/04/29 11:6 a.m.2 views

SUSE-SU-2026:1657-1 Security update for xen

This update for xen fixes the following issues: - CVE-2025-54505: floating point divider state sampling on AMD CPUs AMD-SN-7053 bsc1262428. - CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. - CVE-2026-23558: grant table v2 race in status page mapping bsc1262180...

7.8CVSS5.2AI score0.00191EPSS
Exploits0References7
SUSE Linux
SUSE Linux
added 2026/04/29 11:6 a.m.5 views

Security update for xen

This update for xen fixes the following issues: CVE-2025-54505: floating point divider state sampling on AMD CPUs AMD-SN-7053 bsc1262428. CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. CVE-2026-23558: grant table v2 race in status page mapping bsc1262180. Special Instruction...

7.8CVSS5.2AI score0.00191EPSS
Exploits0References12
Rows per page
Query Builder