Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7526 matches found

NVD
NVDadded 2026/04/07 3:17 p.m.1 views

CVE-2026-24660

A heap-based buffer overflow vulnerability exists in the x3floadhuffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS0.00078EPSS
Exploits1References2
OSV
OSVadded 2026/04/07 3:17 p.m.0 views

DEBIAN-CVE-2026-20884

An integer overflow vulnerability exists in the deflatedngloadraw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS5.9AI score0.00078EPSS
Exploits1References1
UbuntuCve
UbuntuCveadded 2026/04/07 3:17 p.m.1 views

CVE-2026-24660

A heap-based buffer overflow vulnerability exists in the x3floadhuffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS6.3AI score0.00078EPSS
Exploits1References4
UbuntuCve
UbuntuCveadded 2026/04/07 3:17 p.m.1 views

CVE-2026-21413

A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS6.1AI score0.00078EPSS
Exploits1References4
OSV
OSVadded 2026/04/07 3:17 p.m.0 views

UBUNTU-CVE-2026-20884

An integer overflow vulnerability exists in the deflatedngloadraw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS6.2AI score0.00078EPSS
Exploits1References5
UbuntuCve
UbuntuCveadded 2026/04/07 3:17 p.m.0 views

CVE-2026-20884

An integer overflow vulnerability exists in the deflatedngloadraw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS6.2AI score0.00078EPSS
Exploits1References4
OSV
OSVadded 2026/04/07 3:17 p.m.0 views

UBUNTU-CVE-2026-24660

A heap-based buffer overflow vulnerability exists in the x3floadhuffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS6.2AI score0.00078EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2026/04/07 2:50 p.m.0 views

CVE-2026-35487

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...

5.3CVSS5.9AI score0.00074EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/04/07 2:50 p.m.0 views

EUVD-2026-19672

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...

5.3CVSS5.9AI score0.00074EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/07 2:50 p.m.13 views

CVE-2026-35487 text-generation-webui has a Path Traversal in load_prompt() — .txt file read without authentication

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...

5.3CVSS0.00074EPSS
Exploits0References1
CVE
CVEadded 2026/04/07 2:50 p.m.5 views

CVE-2026-35487

text-generation-webui (open-source web interface for LLMs) before version 4.3 is affected by an unauthenticated path traversal in load_prompt(), allowing reading any .txt file on the server and returning its contents in the API response. Impact is limited to read access of server-side .txt files;...

5.3CVSS5.9AI score0.00074EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/04/07 2:47 p.m.16 views

CVE-2026-35485 text-generation-webui has a Path Traversal in load_grammar() — arbitrary file read without authentication

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadgrammar allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown value...

7.5CVSS0.0041EPSS
Exploits1References1
CVE
CVEadded 2026/04/07 2:47 p.m.6 views

CVE-2026-35485

CVE-2026-35485 affects text-generation-webui (open-source web interface for LLMs). Before version 4.3, there is an unauthenticated path traversal in load_grammar() that lets an attacker read arbitrary files on the server filesystem without extension restrictions. Gradio dropdown values are not se...

7.5CVSS6AI score0.0041EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/07 2:47 p.m.1 views

CVE-2026-35485 text-generation-webui has a Path Traversal in load_grammar() — arbitrary file read without authentication

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadgrammar allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown value...

7.5CVSS6AI score0.0041EPSS
Exploits1References1
EUVD
EUVDadded 2026/04/07 2:47 p.m.2 views

EUVD-2026-19669

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadgrammar allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown value...

7.5CVSS6AI score0.0041EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/04/07 2:47 p.m.1 views

CVE-2026-35485

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadgrammar allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown value...

7.5CVSS6AI score0.0041EPSS
Exploits1References2Affected Software1
CVE
CVEadded 2026/04/07 2:46 p.m.2 views

CVE-2026-35484

The CVE-2026-35484 issue affects text-generation-webui, an open-source web interface for running LLMs. It describes a path traversal vulnerability in the load_preset() function present before version 4.3, which allows an unauthenticated attacker to read any .yaml file on the server filesystem. Th...

5.3CVSS5.9AI score0.00095EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/07 2:46 p.m.2 views

CVE-2026-35484

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadpreset allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs including passwords, API keys, connection...

5.3CVSS5.9AI score0.00095EPSS
Exploits1References2Affected Software1
EUVD
EUVDadded 2026/04/07 2:46 p.m.1 views

EUVD-2026-19667

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadpreset allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs including passwords, API keys, connection...

5.3CVSS5.9AI score0.00095EPSS
Exploits1References1
EUVD
EUVDadded 2026/04/07 2:45 p.m.2 views

EUVD-2026-19665

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadtemplate allows reading files with .jinja, .jinja2, .yaml, or .yml extensions from anywhere on the server filesystem. For .jinja files the...

5.3CVSS5.9AI score0.00095EPSS
Exploits1References1
Rows per page
Query Builder