CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

CVE-2026-45387

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may...

4.3CVSS5.4AI score0.00026EPSS

Exploits1References1

NVD•added 2026/05/15 9:16 p.m.•5 views

CVE-2026-45387

4.3CVSS0.00026EPSS

Exploits1References1

ATTACKERKB•added 2026/05/15 8:32 p.m.•4 views

CVE-2026-45387

4.3CVSS5.8AI score0.00026EPSS

Exploits1References2Affected Software1

Github Security Blog•added 2026/05/14 8:26 p.m.•8 views

Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage)

Summary When setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may consider their system prompt confidential, so we consider this a security issue. Compare...

4.3CVSS5.8AI score0.00026EPSS

Exploits1References4Affected Software1

SUSE Linux•added 2026/05/07 7:0 a.m.•10 views

Security update for python-Django

This update for python-Django fixes the following issues CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header variants in ASGIRequest requests bsc1261729. CVE-2026-4277: permissions on inline model instances were not validated on submission of forged POST data in...

6.9CVSS5.8AI score0.00051EPSS

Exploits1References32

SUSE CVE•added 2026/04/08 11:30 p.m.•2 views

SUSE CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

5.4CVSS5.8AI score0.00022EPSS

Exploits0References4

EUVD•added 2026/04/07 3:30 p.m.•2 views

EUVD-2026-19687

5.8AI score0.00022EPSS

Exploits0References4

OSV•added 2026/04/07 3:17 p.m.•4 views

DEBIAN-CVE-2026-4277

9.8CVSS5.2AI score0.00022EPSS

Exploits0References1

NVD•added 2026/04/07 3:17 p.m.•0 views

CVE-2026-4277

9.8CVSS0.00022EPSS

Exploits0References3

Cvelist•added 2026/04/07 2:22 p.m.•14 views

CVE-2026-4277 Privilege abuse in GenericInlineModelAdmin

0.00022EPSS

Exploits0References3

ATTACKERKB•added 2026/04/07 2:22 p.m.•3 views

CVE-2026-4277

5.8AI score0.00022EPSS

Exploits0References4Affected Software1

OSV•added 2026/04/07 2:0 p.m.•1 views

UBUNTU-CVE-2026-4277

9.8CVSS5.8AI score0.00022EPSS

Exploits0References5

Positive Technologies•added 2026/04/07 12:0 a.m.•2 views

PT-2026-30869

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.3, 5.2 through 5.2.12, and 4.2 through 4.2.29 Description A flaw exists in the permission validation process for inline model instances within GenericInlineModelAdmin when handling forged POST data. This could...

9.8CVSS5.8AI score0.00049EPSS

Exploits1References31

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-20665

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.02323EPSS

Exploits1References7

Veracode•added 2025/07/18 12:10 p.m.•2 views

Remote Code Execution (RCE)

github.com/juju/juju is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient authorization checks caused by allowing any authenticated controller user to upload arbitrary agent binaries to any model or the controller without verifying model membership or permissions...

8.8CVSS6.8AI score0.02323EPSS

Exploits1References6Affected Software1

Vulnrichment•added 2024/05/30 6:44 p.m.•17 views

CVE-2024-35228 Improper Handling of Insufficient Permissions in Wagtail

Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, eve...

5.5CVSS6.7AI score0.0016EPSS

Exploits0References2

OpenVAS•added 2009/11/13 12:0 a.m.•30 views

Sun Java JRE Remote Code Execution Vulnerability (Linux)

This host is installed with Sun Java JRE and is prone to Remote Code Execution Vulnerability. OpenVAS Vulnerability Test $Id: gbsunjavajrecodeexevulnlin.nasl 7699 2017-11-08 12:10:34Z santu $ Sun Java JRE Remote Code Execution Vulnerability Linux Authors: Nikita MR Copyright: Copyright c 2009...

9.3CVSS0.8AI score0.05655EPSS

Exploits1References3

Prion•added 2009/11/05 4:30 p.m.•19 views

Code injection

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an...

9.3CVSS7.6AI score0.05655EPSS

Exploits1References19Affected Software2