
6 matches found

ATTACKERKB
added 2026/05/08 10:21 p.m. · 7 views

CVE-2026-42339

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 (CVE-2025-59146) and hardened in v0.9.6 (CVE-2025-62155) does not block the unspecified address 0.0.0.0. A regular...

8.5 CVSS · 5.8 AI score · 0.00047 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2026/04/20 12:15 a.m. · 26 views

CVE-2026-6588 serge-chat serge Model API Endpoint model.py delete_model missing authentication

A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function downloadmodel/deletemodel of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched...

6.9 CVSS · 0.00136 EPSS
Exploits 0 · References 4
Positive Technologies
added 2026/04/20 12:0 a.m. · 1 views

PT-2026-33657

A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download model/delete model of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched...

6.9 CVSS · 6.2 AI score · 0.00136 EPSS
Exploits 0 · References 5
Positive Technologies
added 2026/01/08 12:0 a.m. · 2 views

PT-2026-1714

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 18.4 through 18.5.4; GitLab EE versions 18.6 through 18.6.2; GitLab EE versions 18.7 through 18.7.0. Description: An authenticated user could potentially access and utilize AI model settings from unauthorized namespaces. This...

7.1 CVSS · 6.7 AI score · 0.00007 EPSS
Exploits 0 · References 10
OSV
added 2025/03/20 12:32 p.m. · 3 views

GHSA-3P9Q-7W63-3F8Q Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint

In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the `download_model` endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...

6.5 CVSS · 8.6 AI score · 0.01344 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/02/08 12:0 a.m. · 1 views

PT-2024-20320 · Zentao · Zentao

Name of the Vulnerable Software and Affected Versions: Zentao versions 18.0 through 18.10 Description: A remote code execution issue was discovered in Zentao, affecting its checkConnection method. The vulnerability can be exploited via the /app/zentao/module/repo/model.php endpoint, allowing for...

9.8 CVSS · 8.1 AI score · 0.04885 EPSS
Exploits 1 · References 6