Lucene search

10 matches found

EUVD
added 2025/10/03 8:7 p.m. | 24 views

EUVD-2025-26663

Malicious code in bioql PyPI...

CVSS 9.6 | AI score 6.5 | EPSS 0.00597
Exploits: 1 | References: 2

CNNVD
added 2025/07/22 12:0 a.m. | 2 views

Chaindesk Cross-Site Scripting Vulnerability

Chaindesk is an AI chatbot for building and deploying private data-based chatbots from Chaindesk, France. A cross-site scripting vulnerability exists in Chaindesk version 2025-05-26 and earlier, which stems from a system prompt in the AI agent that can embed a malicious script payload, leading to...

CVSS 6.5 | AI score 5.8 | EPSS 0.00435
Exploits: 1 | References: 3

Snyk
added 2025/03/20 10:48 a.m. | 3 views

Cross-site Scripting (XSS)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in tooltip content rendering. An attacker can perform operations with the victim's privileges, such as stealing chat history and deleting chats, by convincing the victim to interact...

CVSS 9.3 | AI score 5.3 | EPSS 0.00553
Exploits: 1 | References: 2

Github Security Blog
added 2024/08/08 12:31 a.m. | 26 views

Open WebUI Stored Cross-Site Scripting Vulnerability

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...

CVSS 6.3 | AI score 6.7 | EPSS 0.0062
Exploits: 3 | References: 3 | Affected Software: 1

OSV
added 2024/08/07 11:15 p.m. | 6 views

CVE-2024-6706

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...

CVSS 6.1 | AI score 6.7
Exploits: 0 | References: 3

NVD
added 2024/08/07 11:15 p.m. | 18 views

CVE-2024-6706

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...

CVSS 6.3 | EPSS 0.0062
Exploits: 3 | References: 3

CVE
added 2024/08/07 11:1 p.m. | 58 views

CVE-2024-6706

Open WebUI has a stored Cross-Site Scripting (XSS) vulnerability, CVE-2024-6706, in version 0.1.105 on Debian 12. The issue arises when a malicious prompt coerces the language model into executing arbitrary JavaScript in the context of the web page. Connected advisories (KL-001-2024-005; GHSA-5JP3-WP5V-5...

CVSS 6.3 | AI score 6.6 | EPSS 0.0062
Exploits: 3 | References: 3 | Affected Software: 1

Cvelist
added 2024/08/07 11:1 p.m. | 30 views

CVE-2024-6706 Open WebUI Stored Cross-Site Scripting

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...

EPSS 0.0062
Exploits: 3 | References: 1

Vulnrichment
added 2024/08/07 11:1 p.m. | 18 views

CVE-2024-6706 Open WebUI Stored Cross-Site Scripting

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...

AI score 6.9 | EPSS 0.0062
Exploits: 3 | References: 1

ThreatPost
added 2019/02/15 3:27 p.m. | 130 views

Ultra-Sneaky Phishing Scam Swipes Facebook Credentials

A new phishing attack bent on stealing Facebook credentials has been spotted – and it’s turning researchers’ heads due to how well it hides its malicious intent. Researchers with password management company Myki on Thursday said that attack reproduces a social login prompt in a “very realistic...

AI score 0.3
Exploits: 0 | References: 7