
46 matches found

RedhatCVE
added 2026/03/28 4:56 a.m. | 4 views

CVE-2026-29071

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via /api/v1/retrieval/query/collection. Version 0.8.6 patches the issue...

4.3 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits 1 | References 1
OSV
added 2026/03/27 3:35 p.m. | 0 views

GHSA-W9F8-GXF9-RHVW Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories

Summary: Any authenticated user can read other users' private memories via /api/v1/retrieval/query/collection. Details: Vulnerability 1: Missing authorization in collection querying. In backend/open_webui/routers/retrieval.py, the query_collection_handler function accepts a list of collection_names but...

3.1 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits 1 | References 3
NVD
added 2026/03/27 12:16 a.m. | 1 views

CVE-2026-29071

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via /api/v1/retrieval/query/collection. Version 0.8.6 patches the issue...

4.3 CVSS | 0.00013 EPSS
Exploits 1 | References 1
Packet Storm News
added 2026/03/16 12:00 a.m. | 2 views

From Storage to Steering: Memory Control Flow Attacks on LLM Agents

Modern agentic systems allow Large Language Model (LLM) agents to tackle complex tasks through extensive tool usage, forming structured control flows of tool selection and execution. Existing security analyses often treat these control flows as ephemeral, one-off sessions, overlooking the persisten...

5.9 AI score
Exploits 0
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-7369

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.00484 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-3130

Malware in sbrugna...

8.1 CVSS | 7.9 AI score | 0.02035 EPSS
Exploits 1 | References 12
Tenable Nessus
added 2024/03/12 12:00 a.m. | 30 views

EulerOS 2.0 SP8 : shadow-utils (EulerOS-SA-2024-1298)

According to the versions of the shadow-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second...

5.5 CVSS | 6.5 AI score | 0.00015 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2024/01/16 12:00 a.m. | 28 views

EulerOS Virtualization 2.11.0 : shadow (EulerOS-SA-2023-3385)

According to the versions of the shadow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on t...

5.5 CVSS | 6.5 AI score | 0.00015 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2024/01/16 12:00 a.m. | 23 views

EulerOS Virtualization 2.9.1 : shadow (EulerOS-SA-2024-1048)

According to the versions of the shadow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on t...

5.5 CVSS | 6.5 AI score | 0.00015 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2024/01/16 12:00 a.m. | 18 views

EulerOS 2.0 SP9 : shadow (EulerOS-SA-2023-3350)

According to the versions of the shadow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second...

5.5 CVSS | 6.5 AI score | 0.00015 EPSS
Exploits 0 | References 2
OpenVAS
added 2024/01/05 12:00 a.m. | 14 views

Huawei EulerOS: Security Advisory for shadow (EulerOS-SA-2024-1048)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5.5 CVSS | 6 AI score | 0.00015 EPSS
Exploits 0 | References 2
Prion
added 2023/12/27 4:15 p.m. | 20 views

Default credentials

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...

1.7 CVSS | 7 AI score | 0.00015 EPSS
Exploits 0 | References 4 | Affected Software 9
OpenVAS
added 2023/12/22 12:00 a.m. | 12 views

Huawei EulerOS: Security Advisory for shadow (EulerOS-SA-2023-3512)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5.5 CVSS | 6.9 AI score | 0.00015 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/12/15 12:00 a.m. | 76 views

Amazon Linux 2023 : shadow-utils, shadow-utils-subid, shadow-utils-subid-devel (ALAS2023-2023-450)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-450 advisory. A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to sto...

5.5 CVSS | 6.4 AI score | 0.00015 EPSS
Exploits 0 | References 4
OpenVAS
added 2023/12/14 12:00 a.m. | 14 views

Huawei EulerOS: Security Advisory for shadow (EulerOS-SA-2023-3385)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5.5 CVSS | 6.9 AI score | 0.00015 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/11/16 12:00 a.m. | 33 views

Oracle Linux 9 : shadow-utils (ELSA-2023-6632)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6632 advisory. 2:4.9-8 - gpasswd: fix password leak. Resolves: 2215948 2:4.9-7 - useradd: check if subid range exists for user. Resolves: 2179987 - findnewguid: Skip over IDs...

5.5 CVSS | 6.4 AI score | 0.00015 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/11/15 12:00 a.m. | 26 views

Rockwell Automation Stratix 5900 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-6415)

A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is d...

7.5 CVSS | 7.4 AI score | 0.92676 EPSS
Exploits 7 | References 5
OpenVAS
added 2023/10/31 12:00 a.m. | 12 views

Huawei EulerOS: Security Advisory for shadow (EulerOS-SA-2023-3043)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5.5 CVSS | 6.9 AI score | 0.00015 EPSS
Exploits 0 | References 2
OpenVAS
added 2023/10/31 12:00 a.m. | 8 views

Huawei EulerOS: Security Advisory for shadow (EulerOS-SA-2023-3020)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5.5 CVSS | 6.9 AI score | 0.00015 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/10/11 12:00 a.m. | 24 views

SUSE SLES15 Security Update : shadow (SUSE-SU-2023:4027-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4027-1 advisory. - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the secon...

5.5 CVSS | 6.5 AI score | 0.00015 EPSS
Exploits 0 | References 4