54742 matches found

OSV
added 2026/01/23 6:31 a.m., 5 views

GHSA-3966-F6P6-2QR9 Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Duplicate Advisory: This advisory has been withdrawn because it describes a dependency bump and therefore, per CVE CNA rule 4.1.12, is a duplicate of GHSA-34x7-hfp2-rc4v/CVE-2026-24842. Additionally, per https://github.com/npm/cli/issues/8939#issuecomment-3862719883, npm cli should not be listed as an...

CVSS 7, AI score 7.4, EPSS 0.00248
Exploits 0, References 4

Snyk
added 2026/01/23 5:8 a.m., 7 views

Arbitrary Code Injection

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Arbitrary Code Injection via the load_tool_module_by_id function in the utils/plugin.py file. An attacker can execute arbitrary code in the context of the service account by supplying a crafted string that is not...

CVSS 8.8, AI score 8.6, EPSS 0.27227
Exploits 1, References 2

OSV
added 2026/01/23 4:16 a.m., 4 views

CVE-2026-0787

ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific fl...

CVSS 9.8, AI score 6.4, EPSS 0.01278
Exploits 0, References 1

NVD
added 2026/01/23 4:16 a.m., 12 views

CVE-2026-0787

ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific fl...

CVSS 9.8, EPSS 0.01278
Exploits 0, References 1

NVD
added 2026/01/23 4:16 a.m., 5 views

CVE-2026-0776

Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in...

CVSS 7.3, EPSS 0.0036
Exploits 1, References 1

NVD
added 2026/01/23 4:16 a.m., 6 views

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVSS 7, EPSS 0.00248
Exploits 0, References 1

NVD
added 2026/01/23 4:16 a.m., 9 views

CVE-2026-0766

Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8, EPSS 0.27227
Exploits 1, References 1

OSV
added 2026/01/23 4:16 a.m., 7 views

CVE-2026-0766

Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8, AI score 6.3
Exploits 0, References 1

OSV
added 2026/01/23 4:16 a.m., 5 views

UBUNTU-CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVSS 7, AI score 6.1, EPSS 0.00248
Exploits 0, References 3

CVE
added 2026/01/23 3:29 a.m., 32 views

CVE-2026-0776

CVE-2026-0776 concerns the Discord Client and its discord_rpc module, where an uncontrolled search path element allows a local attacker to escalate privileges. The flaw occurs when the client loads a file from an unsecured location, enabling the attacker to run code with the privileges of the ta...

CVSS 7.3, AI score 6.2, EPSS 0.0036
Exploits 1, References 1

Vulnrichment
added 2026/01/23 3:29 a.m., 5 views

CVE-2026-0776 Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in...

CVSS 7.3, AI score 6.2, EPSS 0.0036
Exploits 1, References 1

ATTACKERKB
added 2026/01/23 3:29 a.m., 2 views

CVE-2026-0776

Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in...

CVSS 7.3, AI score 6.1, EPSS 0.0036
Exploits 1, References 2, Affected Software 1

Vulnrichment
added 2026/01/23 3:29 a.m., 4 views

CVE-2026-0775 npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVSS 7, AI score 6.2, EPSS 0.00248
Exploits 0, References 1

ATTACKERKB
added 2026/01/23 3:29 a.m., 7 views

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVSS 7, AI score 6.1, EPSS 0.00248
Exploits 0, References 2, Affected Software 1

Cvelist
added 2026/01/23 3:29 a.m., 33 views

CVE-2026-0775 npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVSS 7, EPSS 0.00248
Exploits 0, References 1

CVE
added 2026/01/23 3:29 a.m., 33 views

CVE-2026-0775

The CVE-2026-0775 entry concerns npm cli. Affected component: the module-loading path in npm cli, where modules are loaded from an unsecured location. Root cause: incorrect permission assignment that allows a local attacker who can run low-privileged code to escalate privileges and execute arbitr...

CVSS 7, AI score 6.2, EPSS 0.00248
Exploits 0, References 1

Cvelist
added 2026/01/23 3:28 a.m., 30 views

CVE-2026-0766 Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability

Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8, EPSS 0.27227
Exploits 1, References 1

Vulnrichment
added 2026/01/23 3:28 a.m., 6 views

CVE-2026-0766 Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability

Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8, AI score 6.5, EPSS 0.27227
Exploits 1, References 1

CVE
added 2026/01/23 3:28 a.m., 35 views

CVE-2026-0766

Open WebUI contains a vulnerability in load_tool_module_by_id that allows remote code execution via command injection. The flaw comes from insufficient validation of a user-supplied string before it is used to execute Python code, enabling an attacker to run arbitrary code in the service account’...

CVSS 8.8, AI score 6.5, EPSS 0.27227
Exploits 1, References 1, Affected Software 1

Cvelist
added 2026/01/23 3:1 a.m., 34 views

CVE-2026-0787 ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability

ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific fl...

CVSS 8.1, EPSS 0.01278
Exploits 0, References 1