Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/15 7:57 p.m.7 views

CVE-2026-44552

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the toolservers and terminalservers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database a supported and documented deployment pattern...

8.7CVSS5.8AI score0.00305EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/15 7:57 p.m.56 views

CVE-2026-44552 Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the toolservers and terminalservers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database a supported and documented deployment pattern...

8.7CVSS0.00305EPSS
Exploits1References1
OSV
OSV
added 2026/05/15 7:57 p.m.4 views

CVE-2026-44552 Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the toolservers and terminalservers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database a supported and documented deployment pattern...

8.7CVSS6AI score0.00305EPSS
Exploits1References3
Snyk
Snyk
added 2025/05/22 7:1 p.m.2 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack due to an insecure non-constant time comparison in DERP server mesh authentication. Note: All Tailscale-operated DERP servers and Tailscale users who operate their own custom DERP servers with more than one server per regi...

6.3CVSS6.9AI score
Exploits0References3
OSV
OSV
added 2024/10/16 1:19 p.m.4 views

MAL-2024-9843 Malicious code in signature-v4-multi-region (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
MSRC
MSRC
added 2019/09/03 7:30 p.m.70 views

Acquiring a VHD to Investigate

In a previous post we described some of the differences between on-premises/physical forensics and cyber investigations and those performed in the cloud, and how this can make cloud forensics challenging. That blog post described a method of creating and maintaining a VM image which can be...

1.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2019/03/14 5:45 p.m.174 views

How Our Threat Analytics Multi-Region Data Lake on AWS Stores More, Slashes Costs

Data is the lifeblood of digital businesses, and a key competitive advantage. The question is: how can you store your data cost-efficiently, access it quickly, while abiding by privacy laws? At Imperva, we wanted to store our data for long-term access. Databases would’ve cost too much in disk and...

Exploits0
Rows per page
Query Builder