Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py)
Summary: A Server-Side Request Forgery (SSRF) vulnerability exists in _process_picture_url in backend/open_webui/utils/oauth.py (line 1338). The function fetches arbitrary URLs from OAuth picture claims without applying validate_url, allowing an attacker to force the server to make HTTP requests to interna...
PT-2026-35449
Name of the Vulnerable Software and Affected Versions: authd versions prior to 0.6.4
Description: A logic error exists in the primary group ID assignment. When a user's primary group ID (GID) differs from their user ID (UID), occurring if the account was created with versions prior to 0.5.4 or if the...
PT-2022-22320
Name of the Vulnerable Software and Affected Versions: tagDiv Composer WordPress plugin versions prior to 3.5; Newspaper WordPress theme versions prior to 12.1; Newsmag WordPress theme versions prior to 5.2.2
Description: The issue concerns the improper implementation of the Facebook login feature,...
GHSA-8VQ6-5F66-HP3R Logic error in dolibarr/dolibarr
In dolibarr/dolibarr prior to 16.0, any low-privileged user could update their login name, which should only be updated by admin...