1903 matches found
SUSE CVE-2026-23433
In the Linux kernel, the following vulnerability has been resolved: armmpam: Fix null pointer dereference when restoring bandwidth counters When an MSC supporting memory bandwidth monitoring is brought offline and then online, mpamrestorembwustate calls rismsmonread via ipi to restore the...
EUVD-2026-18671
In the Linux kernel, the following vulnerability has been resolved: armmpam: Fix null pointer dereference when restoring bandwidth counters When an MSC supporting memory bandwidth monitoring is brought offline and then online, mpamrestorembwustate calls rismsmonread via ipi to restore the...
CVE-2026-23433
In the Linux kernel, the following vulnerability has been resolved: armmpam: Fix null pointer dereference when restoring bandwidth counters When an MSC supporting memory bandwidth monitoring is brought offline and then online, mpamrestorembwustate calls rismsmonread via ipi to restore the...
CVE-2026-23433
CVE-2026-23433 concerns the Linux kernel arm_mpam component and memory bandwidth monitoring. The root cause is a null pointer dereference in mpam_restore_mbwu_state: when an MSC is offline then online, __ris_msmon_read() is invoked via IPIs to restore bandwidth-counter configuration, but mbwu_arg...
CVE-2026-23433
In the Linux kernel, the following vulnerability has been resolved: armmpam: Fix null pointer dereference when restoring bandwidth counters When an MSC supporting memory bandwidth monitoring is brought offline and then online, mpamrestorembwustate calls rismsmonread via ipi to restore the...
PT-2026-30128
In the Linux kernel, the following vulnerability has been resolved: arm mpam: Fix null pointer dereference when restoring bandwidth counters When an MSC supporting memory bandwidth monitoring is brought offline and then online, mpam restore mbwu state calls ris msmon read via ipi to restore the...
CVE-2026-34222
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11...
redux-queue-offline (=0.4.1) potentially affected by CVE-2026-2950 via lodash.unset (=4.0.2)
lodash.unset NPM version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on lodash.unset and may be impacted: - redux-queue-offline =0.4.1 Source cves: CVE-2026-2950 Source advisory: OSV:GHSA-F23M-R3PF-42RH...
EUVD-2026-17977
Open WebUI has Broken Access Control in Tool Valves...
CVE-2026-34222
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11...
CVE-2026-34222
Affected product: Open WebUI, a self-hosted offline AI platform. Issue: broken access control in tool values prior to version 0.8.11. Impact: potential exposure due to access control bypass; CVSS 3.1 base score 7.7 (HIGH) with Network attack vector, low privileges required, no user interaction, c...
PT-2026-29571
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11...
redux-queue-offline (=0.4.1) potentially affected by CVE-2025-13465 +1 more via lodash.unset (=4.0.2)
lodash.unset NPM version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on lodash.unset and may be impacted: - redux-queue-offline =0.4.1 Source cves: CVE-2025-13465, CVE-2026-2950 Source advisory: SNYK:JS-LODASHUNSET-15869620...
Important: Red Hat Security Advisory: General availability of the satellite/iop-advisor-frontend-rhel9 container image
A new satellite/iop-advisor-frontend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services...
EUVD-2026-17419
A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpointdir parameter in OfflineACE.run. The savetofile method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to...
CVE-2026-29870
A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpointdir parameter in OfflineACE.run. The savetofile method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to...
poc-studio-public
Nuclei Offline GUI This is a pure offline desktop prototype,...
CVE-2026-29870
A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpointdir parameter in OfflineACE.run. The savetofile method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to...
CVE-2026-29071
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via /api/v1/retrieval/query/collection. Version 0.8.6 patches the issue...
EUVD-2026-16486
Open WebUI's Insecure Direct Object Reference IDOR allows access to other users' memories...