CVE-2026-45345

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modify another user's model even if its visibility is set to Private. By changing the access permissions during editing, unauthorized access can be gained. This...

EUVD-2025-7129

Malicious code in bioql PyPI...

EUVD-2025-7105

Malicious code in bioql PyPI...

Backdoor Attacks and Defenses in Computer Vision Domain: a Survey

Backdoor trojan attacks embed hidden, controllable behaviors into machine-learning models so that models behave normally on benign inputs but produce attacker-chosen outputs when a trigger is present. This survey reviews the rapidly growing literature on backdoor attacks and defenses in the...

lunary PATCH Endpoint Authorization Issue Vulnerability

lunary is lunary open source a production toolkit for LLM . lunary has an authorization problem vulnerability , the vulnerability stems from improper management of PATCH endpoint privileges , an attacker can use this vulnerability to cause low-privilege users to modify others' models...

CVE-2024-10273

In lunary-ai/lunary v1.5.0, improper privilege management in the models.ts file allows users with viewer roles to modify models owned by others. The PATCH endpoint for models does not have appropriate privilege checks, enabling low-privilege users to update models they should not have access to...