CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

257 matches found

CVE-2026-54009

CVE-2026-54009 affects Open WebUI prior to 0.9.6. The vulnerability arises in the image_url handling path: convert_url_images_to_base64 calls get_image_base64_from_url without a user context, and get_image_base64_from_url uses Files.get_file_by_id (no ownership check) to retrieve a file by ID. Th...

6.5CVSS5.9AI score0.00028EPSS

Exploits0References1

Github Security Blog•added 6 days ago•12 views

Open WebUI: Stored XSS to Account Takeover via Model Profile Images

Stored XSS to Account Takeover via Model Profile Images in Open WebUI Affected: Open WebUI tags. On the output side, users.py added a MIME allowlist check and X-Content-Type-Options: nosniff. The fix was applied to UserUpdateForm, UpdateProfileForm, and later to ChannelWebhookForm. Three models...

7.6CVSS5.3AI score0.00057EPSS

Exploits0References2Affected Software1

Positive Technologies•added 6 days ago•11 views

PT-2026-50481

Name of the Vulnerable Software and Affected Versions Open-webui affected versions not specified Description An authenticated user can access files belonging to other users by exploiting a lack of ownership verification in the image processing path. When the POST endpoint "/api/chat/completions"...

6.5CVSS5.9AI score0.00028EPSS

Exploits0References5

Vulnrichment•added 2026/06/10 1:55 p.m.•8 views

CVE-2026-53470 Migration-planner: getsourcedownloadurl missing organization check

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

9.6CVSS5.3AI score0.0028EPSS

Exploits0References3

RedhatCVE•added 2026/06/10 1:55 p.m.•7 views

CVE-2026-53470

9.6CVSS5.5AI score0.0028EPSS

Exploits0References4

CNNVD•added 2026/06/10 12:0 a.m.•11 views

Migration assessment 安全漏洞

Migration assessment is an open-source tool developed by KubeV2V for evaluating and providing migration recommendations for VMware environments. There is a security vulnerability in Migration assessment. This vulnerability stems from the /api/v1/sources/id/image-url endpoint, where improper acces...

9.6CVSS5.3AI score0.0028EPSS

Exploits0References1

Positive Technologies•added 2026/06/10 12:0 a.m.•11 views

PT-2026-48394

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachment url' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.6AI score0.00201EPSS

Exploits0References7

Positive Technologies•added 2026/06/10 12:0 a.m.•9 views

PT-2026-48444

Name of the Vulnerable Software and Affected Versions migration-planner affected versions not specified Description An improper access control flaw exists in the '/api/v1/sources/id/image-url' endpoint. An authenticated attacker can bypass ownership checks to obtain presigned S3 URLs for Open...

9.6CVSS5.9AI score0.0028EPSS

Exploits0References6

RedhatCVE•added 2026/06/05 7:50 p.m.•7 views

CVE-2026-7150

A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generatefaviconfromurl of the file src/autofavicon/server.py of the component MCP Tool. The manipulation of the argument imageurl results in server-side request forgery...

6.5CVSS5.9AI score0.00201EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:48 p.m.•6 views

CVE-2026-10661

A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...

5.3CVSS5AI score0.00248EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:46 p.m.•6 views

CVE-2026-33659

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery SSRF via a DNS rebinding TOCTOU condition. Host validation uses dnsgetrecord but the actual HTTP...

3.5CVSS6.2AI score0.00333EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:33 p.m.•8 views

CVE-2026-45299

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profileimageurl field on the user profile update form accepted arbitrary data: URI values without MIME-type validation, resulting in a XSS vulnerability. This vulnerability is...

5.4CVSS5.6AI score0.00199EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:32 p.m.•7 views

CVE-2026-6604

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

7.5CVSS6.7AI score0.00284EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:28 p.m.•7 views

CVE-2026-4131

The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page wpoadminpage.php lacking nonce generation wpnoncefield and verification wpverifynonce/checkadminreferer. Thi...

6.1CVSS5.4AI score0.00181EPSS

Exploits0References1

NVD•added 2026/06/04 4:16 p.m.•8 views

CVE-2026-43986

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...

9.9CVSS0.00262EPSS

Exploits0References2