Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded last week9 views

CVE-2026-53805

NVIDIA Spatial Intelligence Lab's SIL GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads without authentication or input validation...

9.8CVSS0.00685EPSS
Exploits0References4
Veracode
Veracodeadded 2026/06/11 5:38 a.m.9 views

Arbitrary File Write

open-webui/open-webui is vulnerable to an arbitrary file write. The vulnerability is due to improper handling of file paths in the downloadmodel endpoint on Windows, which allows an attacker to manipulate file paths and write files to arbitrary locations on the server...

7.2CVSS6.7AI score0.01125EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/08 10:21 p.m.11 views

CVE-2026-42339

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular...

8.5CVSS5.8AI score0.00259EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/04/20 12:15 a.m.30 views

CVE-2026-6588 serge-chat serge Model API Endpoint model.py delete_model missing authentication

A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function downloadmodel/deletemodel of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched...

6.9CVSS0.00433EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/04/20 12:0 a.m.3 views

PT-2026-33657

A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download model/delete model of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched...

6.9CVSS6.2AI score0.00433EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/01/08 12:0 a.m.3 views

PT-2026-1714

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.4 through 18.5.4 GitLab EE versions 18.6 through 18.6.2 GitLab EE versions 18.7 through 18.7.0 Description An authenticated user could potentially access and utilize AI model settings from unauthorized namespaces. This...

7.1CVSS6.7AI score0.0028EPSS
Exploits0References10
OSV
OSVadded 2025/03/20 12:32 p.m.5 views

GHSA-3P9Q-7W63-3F8Q Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint

In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...

6.5CVSS8.6AI score0.01125EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2024/02/08 12:0 a.m.3 views

PT-2024-20320 · Zentao · Zentao

Name of the Vulnerable Software and Affected Versions: Zentao versions 18.0 through 18.10 Description: A remote code execution issue was discovered in Zentao, affecting its checkConnection method. The vulnerability can be exploited via the /app/zentao/module/repo/model.php endpoint, allowing for...

9.8CVSS8.1AI score0.01274EPSS
Exploits1References6
Rows per page
Query Builder