CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1890 matches found

OSV•added 2026/05/08 7:44 p.m.•3 views

GHSA-3X8W-4F7P-XXC2 Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

Redis Cache Keys toolservers and terminalservers Missing Instance Prefix Enable Cross-Instance Cache Poisoning Affected Component Tool server and terminal server Redis cache: - backend/openwebui/utils/tools.py line 841, toolservers SET - backend/openwebui/utils/tools.py line 850, toolservers GET ...

8.7CVSS6AI score0.00037EPSS

Exploits1References3

NVD•added 2026/05/08 2:16 p.m.•5 views

CVE-2026-43310

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produ...

5.5CVSS0.00014EPSS

Exploits0References2

UbuntuCve•added 2026/05/08 2:16 p.m.•2 views

CVE-2026-43310

5.5CVSS5.8AI score0.00014EPSS

Exploits0References4

OSV•added 2026/05/08 2:16 p.m.•6 views

UBUNTU-CVE-2026-43310

5.5CVSS5.7AI score0.00014EPSS

Exploits0References5

CVE•added 2026/05/08 1:11 p.m.•10 views

CVE-2026-43310

The CVE-2026-43310 issue affects the Linux kernel Verisilicon media driver on the i.MX8MQ platform. It describes a hardware limitation where the g1 VPU and g2 VPU cannot decode H.264 and HEVC simultaneously; doing so can trigger a bus error, producing corrupted video output and potentially causin...

5.5CVSS5.8AI score0.00014EPSS

Exploits0References2Affected Software1

NVD•added 2026/05/08 7:16 a.m.•5 views

CVE-2026-44916

In OpenStack Ironic before 35.0.2 in a certain non-default configuration, instanceinfo'kstemplate' is rendered without sandboxing...

3CVSS0.00011EPSS

Exploits0References3

EUVD•added 2026/05/08 12:31 a.m.•4 views

EUVD-2026-28451

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...

9CVSS6AI score0.00055EPSS

Exploits0References2

EUVD•added 2026/05/08 12:31 a.m.•5 views

EUVD-2026-28448

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...

9.9CVSS6AI score0.00071EPSS

Exploits0References2

Positive Technologies•added 2026/05/08 12:0 a.m.•5 views

PT-2026-38679

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 36.0 Description In OpenStack Ironic, the ks template variable within instance info is rendered without sandboxing. Sandboxing is a security mechanism that isolates executing code to prevent it from accessing...

3CVSS5.9AI score0.00011EPSS

Exploits0References16

Positive Technologies•added 2026/05/08 12:0 a.m.•8 views

PT-2026-39269

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Open WebUI fails to apply the REDIS KEY PREFIX to the tool servers and terminal servers keys within the utils/tools.py file. In deployments where multiple instances share a single Redis...

8.7CVSS5.8AI score0.00037EPSS

Exploits1References6

NVD•added 2026/05/07 10:16 p.m.•7 views

CVE-2026-33844

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...

9CVSS0.00055EPSS

Exploits0References1

ATTACKERKB•added 2026/05/07 8:58 p.m.•4 views

CVE-2026-33844

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...

9CVSS6AI score0.00055EPSS

Exploits0References2

Vulnrichment•added 2026/05/07 8:58 p.m.•4 views

CVE-2026-33844 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

...

9CVSS5.8AI score0.00055EPSS

Exploits0References1

CVE•added 2026/05/07 8:58 p.m.•6 views

CVE-2026-33844

Azure Managed Instance for Apache Cassandra is affected by a vulnerability described as improper input validation that enables an authorized attacker to perform remote code execution over the network. The CVSS v3.1 base score is 9.0 (CRITICAL) with network attack, low complexity, required privile...

9CVSS6.2AI score0.00055EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/07 8:58 p.m.•27 views

CVE-2026-33844 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

...

9CVSS0.00055EPSS

Exploits0References1

ATTACKERKB•added 2026/05/07 8:58 p.m.•5 views

CVE-2026-33109

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...

9.9CVSS6AI score0.00071EPSS

Exploits0References2

Cvelist•added 2026/05/07 8:58 p.m.•28 views

CVE-2026-33109 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

...

9.9CVSS0.00071EPSS

Exploits0References1

CVE•added 2026/05/07 8:58 p.m.•12 views

CVE-2026-33109

CVE-2026-33109 affects Azure Managed Instance for Apache Cassandra. The vulnerability is described as improper access control that allows an authenticated, network-adjacent attacker to execute code on the instance. The CVSS 3.1 base score is 9.9 (CRITICAL) with NETWORK attack vector, LOW attack c...

9.9CVSS6AI score0.00071EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/05/07 8:58 p.m.•11 views

CVE-2026-33109 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

...

9.9CVSS5.8AI score0.00071EPSS

Exploits0References1