phpVMS 8 访问控制错误漏洞

phpVMS 8 is an open-source aviation simulation and flight management application based on Laravel. Prior to version 7.0.6 of phpVMS, there was a access control vulnerability that stemmed from allowing unauthorized access to the legacy import feature...

CVE-2026-41936

Vvveb before version 1.0.8.2 contains an XML external entity XXE injection vulnerability in the admin Tools/Import feature that allows authenticated siteadmin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to...

Open WebUI's Model Import Overwrites Any Model Without Ownership Check

Model Import Overwrites Any Model Without Ownership Check Affected Component Model import endpoint: - backend/openwebui/routers/models.py lines 254-308, importmodels Affected Versions Current main branch commit 6fdd19bf1 and likely all versions with model import functionality. Description The POS...

GHSA-MQQ6-CQCX-38VG Open WebUI's Model Import Overwrites Any Model Without Ownership Check

Model Import Overwrites Any Model Without Ownership Check Affected Component Model import endpoint: - backend/openwebui/routers/models.py lines 254-308, importmodels Affected Versions Current main branch commit 6fdd19bf1 and likely all versions with model import functionality. Description The POS...

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization through the importmodels process. An attacker can overwrite existing models owned by other users, modify their configuration, and escalate access by submitting crafted payloads to the...

GHSA-9VVH-QMJX-P4Q8 Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining

Base Model Routing Bypasses Access Control via Model Chaining Affected Component Model chaining via basemodelid: - backend/openwebui/routers/models.py lines 170-214, createnewmodel - backend/openwebui/routers/models.py lines 254-308, importmodels - backend/openwebui/main.py lines 1696-1711, base...

Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining

Base Model Routing Bypasses Access Control via Model Chaining Affected Component Model chaining via basemodelid: - backend/openwebui/routers/models.py lines 170-214, createnewmodel - backend/openwebui/routers/models.py lines 254-308, importmodels - backend/openwebui/main.py lines 1696-1711, base...

CVE-2026-44334

PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains...

CVE-2026-44334

PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains...

CLSA-2026-1778218633 jasper: Fix of 3 CVEs

Add Amazon Linux 2 ELS support mirrors centos7els branch with .amzn2 dist via / leapfrog over stock 1.900.1-33.amzn2.0.1 - Import CVE-2020-27828 patch from amzn2 stock SRPM out-of-bounds write in jpc encoder; jasper-2.0.14-CVE-2020-27828.patch - Import CVE-2021-3443 patch from amzn2 stock SRPM...

SUSE CVE-2026-40195

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...

SUSE CVE-2026-40197

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...

PT-2026-39272

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Open WebUI allows model composition through the base model id variable, where a user-defined model can reference a base model for inference. An access control flaw exists because the system verifi...

PT-2026-39279

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The 'POST /api/v1/models/import' endpoint allows users with the workspace.models import permission to overwrite any existing model in the database, regardless of ownership. When an imported model'...

📄 WordPress CatFolders 2.5.2 SQL Injection

WordPress CatFolders plugin versions 2.5.2 and below suffer from a remote SQL injection vulnerability. CVE-2025-9776: Authenticated SQL Injection in CatFolders WordPress Plugin Keywords: CVE-2025-9776, CatFolders WordPress vulnerability, SQL injection WordPress, authenticated SQL injection,...

PT-2026-38908

Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderController.GetImage endpoint is decorated with AllowAnonymous, allowing completely unauthenticated access to page images from any chapter in any library. While the endpoint accepts an apiKey parameter, it is never validated. Sin...

PT-2026-38909

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

CVE-2026-41684

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid...

CVE-2026-41654 Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url

Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...

CVE-2026-41654

CVE-2026-41654 – Weblate SSRF via project backup import . Weblate before 5.17.1 allows an authenticated user with the project.add permission to import a crafted project backup ZIP. If components/.json contains an attacker-chosen repo URL pointing to a private address (e.g., http://127.0.0.1:9999/...