Lucene search
K

848 matches found

CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

AnythingLLM 安全漏洞

AnythingLLM is an integrated AI application open source by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a security vulnerability. This vulnerability stemmed from mobile device tokens created in single-user mode being accepted after migration to multi-user mode, without any user...

2CVSS5.8AI score0.00219EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.15 views

Security, Privacy, and Ethical Risks in OpenClaw

This paper systematically investigates the security, privacy, and ethical risks, as well as the traceability challenges of OpenClaw, a locally executable AI agent system for natural language interaction and real-world task completion. While OpenClaw shows strong potential for personal assistance,...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/05/21 3:17 a.m.13 views

[SECURITY] Fedora 42 Update: mysql8.0-8.0.46-1.fc42

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

6.5CVSS7.3AI score0.00323EPSS
Exploits0
Fedora
Fedora
added 2026/05/21 3:17 a.m.19 views

[SECURITY] Fedora 42 Update: mysql8.4-8.4.9-1.fc42

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

6.5CVSS7.3AI score0.00323EPSS
Exploits0
Fedora
Fedora
added 2026/05/21 1:28 a.m.13 views

[SECURITY] Fedora 43 Update: mysql8.0-8.0.46-1.fc43

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

6.5CVSS7.3AI score0.00323EPSS
Exploits0
Fedora
Fedora
added 2026/05/21 12:57 a.m.15 views

[SECURITY] Fedora 44 Update: mysql8.4-8.4.9-1.fc44

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

6.5CVSS7.3AI score0.00323EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/16 1:57 a.m.18 views

CVE-2026-44504

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

8.6CVSS6AI score0.00285EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 8:16 p.m.43 views

CVE-2026-45399

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...

7.1CVSS0.0027EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:18 p.m.10 views

CVE-2026-45399

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...

7.1CVSS5.8AI score0.0027EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/15 7:18 p.m.29 views

EUVD-2026-30608

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...

7.1CVSS5.8AI score0.0027EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 7:18 p.m.27 views

CVE-2026-45399

Open WebUI CVE-2026-45399 describes a broken authorization gap in multi-user deployments: before release 0.9.0, authenticated, low-privilege users could enumerate and stop global background tasks via GET /api/tasks and POST /api/tasks/stop/{task_id}, impacting integrity and availability across us...

7.1CVSS5.8AI score0.0027EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.23 views

PT-2026-41194

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description An authorization issue allows any authenticated user with low privileges to enumerate active background tasks across the system and stop tasks belonging to other users. This occurs because the...

7.1CVSS5.8AI score0.0027EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:15 p.m.11 views

CVE-2026-6282

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

8.6CVSS5.8AI score0.00391EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 7:12 p.m.38 views

CVE-2026-42191 OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local blob injection for OTLP Exporter

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

6.5CVSS0.00108EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 7:12 p.m.10 views

CVE-2026-42191 OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local blob injection for OTLP Exporter

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

6.5CVSS5.8AI score0.00108EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/12 1:28 p.m.18 views

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/07 1:49 a.m.14 views

Authorization Bypass Through User-Controlled Key

Overview aegra-api is an Aegra core API - Self-hosted Agent Protocol server Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the POST /threads/threadid/runs, POST /threads/threadid/runs/stream, and POST /threads/threadid/runs/wait endpoints...

8.6CVSS5.9AI score0.00285EPSS
Exploits0References3
OSV
OSV
added 2026/04/30 6:34 p.m.11 views

GHSA-4625-4J76-FWW9 OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter

Summary The OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but OTELDOTNETEXPERIMENTALOTLPDISKRETRYDIRECTORYPATH was not configured. The exporter stored and loaded .blob files under...

6.5CVSS5.8AI score0.00108EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/30 6:34 p.m.127 views

OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter

Summary The OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but OTELDOTNETEXPERIMENTALOTLPDISKRETRYDIRECTORYPATH was not configured. The exporter stored and loaded .blob files under...

7.8CVSS5.4AI score0.00108EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/04/30 6:34 p.m.8 views

Creation of Temporary File in Directory with Insecure Permissions

Overview OpenTelemetry.Exporter.OpenTelemetryProtocol is an OTLP Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions in the ExperimentalOptions used in handling disk retry storage for telemetry data...

7.8CVSS5.8AI score0.00108EPSS
Exploits0References2
Rows per page
Query Builder