Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Cvelist
Cvelistadded 2026/05/15 7:22 p.m.31 views

CVE-2026-45331 Open WebUI: Full SSRF Vulnerability in the RAG Web Search Feature

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validateurl in backend/openwebui/retrieval/web/utils.py calls validators.ipv6ip, private=True, but the validators library does NOT implement the private keyword for IPv6 — the call...

8.5CVSS0.00013EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/15 7:22 p.m.2 views

CVE-2026-45331

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validateurl in backend/openwebui/retrieval/web/utils.py calls validators.ipv6ip, private=True, but the validators library does NOT implement the private keyword for IPv6 — the call...

8.5CVSS5.8AI score0.00013EPSS
Exploits1References2Affected Software1
CNNVD
CNNVDadded 2026/05/15 12:0 a.m.5 views

Open WebUI 代码问题漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 had code vulnerabilities. These vulnerabilities stemmed from the validators.ipv6 function in validateurl, which did not implement the private keyword for IPv6. A...

8.5CVSS5.9AI score0.00013EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/03/19 10:6 p.m.3 views

CVE-2026-32019 OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...

7.4CVSS5.8AI score0.0005EPSS
Exploits0References6
CVE
CVEadded 2026/03/19 10:6 p.m.4 views

CVE-2026-32019

OpenClaw (npm) is affected by CVE-2026-32019 in versions prior to 2026.2.22 due to incomplete IPv4 special-use range validation in isPrivateIpv4(), which can let SSRF bypass protections for RFC-reserved/non-global ranges via web_fetch. Exploitation requires network reachability to those special-u...

7.4CVSS5.8AI score0.0005EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologiesadded 2026/03/04 12:0 a.m.3 views

PT-2026-26400

Summary isPrivateIpv4 in bundled SSRF guard code missed several IPv4 special-use/non-global ranges, so web fetch could allow targets that should be blocked by SSRF policy. Affected Packages / Versions - Package: openclaw npm - Latest published affected version: 2026.2.21-2 published 2026-02-21 -...

6.9CVSS5.9AI score0.0005EPSS
Exploits0References10
RedHat Linux
RedHat Linuxadded 2020/12/01 3:26 p.m.0 views

Mozilla: DoH did not filter IPv4 mapped IP Addresses

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding...

6.5CVSS7.3AI score0.00275EPSS
Exploits0References5
Rows per page
Query Builder