Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

15888 matches found

Snyk
Snykadded 2026/05/08 7:51 p.m.7 views

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the processweb and processyoutube endpoints when the overwrite parameter is set to true and the collectionname is attacker-controlled. An attacker can overwrite or delete another user...

8.1CVSS5.8AI score0.00295EPSS
Exploits1References2
OSV
OSVadded 2026/05/08 7:38 p.m.8 views

GHSA-HR43-RJMR-7WMM Open WebUI's Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts

Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts Affected Component Folder creation endpoint and form model: - backend/openwebui/models/folders.py lines 72-77, FolderForm with extra='allow' - backend/openwebui/models/folders.py lines 95-106,...

5CVSS6AI score0.00287EPSS
Exploits1References3
UbuntuCve
UbuntuCveadded 2026/05/08 3:16 p.m.5 views

CVE-2026-43430

In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submitted. Otherwise there is a window during which...

4.7CVSS5.7AI score0.00089EPSS
Exploits0References10
OSV
OSVadded 2026/05/08 3:16 p.m.6 views

UBUNTU-CVE-2026-43430

In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submitted. Otherwise there is a window during which...

4.7CVSS5.7AI score0.00089EPSS
Exploits0References11
CVE
CVEadded 2026/05/08 2:22 p.m.19 views

CVE-2026-43430

The issue CVE-2026-43430 affects the Linux kernel USB driver for yurex. A race condition occurs in the probe path where the bbu field is not initialized before the URB completion handler uses it, creating a window during which descriptor data can be overwritten by concurrent probing. This can lea...

4.7CVSS5.8AI score0.00089EPSS
Exploits0References8Affected Software1
AstraLinux
AstraLinuxadded 2026/05/08 9:9 a.m.10 views

Astra Linux – Vulnerability in PackageKit

PackageKit is a D-Bus abstraction layer that allows users to manage packages in a secure manner using a cross-distro, cross-architecture API. PackageKit in versions 1.0.2 through 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition involving transaction flags, which allows...

8.8CVSS6AI score0.00413EPSS
Exploits10References3
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.8 views

PT-2026-39271

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The 'POST /api/v1/retrieval/process/web' endpoint accepts a user-supplied collection name and an overwrite query parameter, which defaults to True. The system fails to perform authorization checks...

8.1CVSS5.8AI score0.00295EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.8 views

PT-2026-39091

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the usb: yurex probe process. The bbu member of the descriptor is not set to the uninitialized value before the submission of the URB USB Request Block whose...

4.7CVSS5.4AI score0.00089EPSS
Exploits0References20
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.11 views

PT-2026-39279

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The 'POST /api/v1/models/import' endpoint allows users with the workspace.models import permission to overwrite any existing model in the database, regardless of ownership. When an imported model'...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.10 views

PT-2026-39267

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Open WebUI is a self-hosted artificial intelligence platform. A mass assignment issue exists where the FolderForm uses a configuration that permits arbitrary fields to pass through Pydantic...

5CVSS5.9AI score0.00287EPSS
Exploits1References5
CNNVD
CNNVDadded 2026/05/08 12:0 a.m.7 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the USB Yurex driver’s detection process. During this process, the BBU members are not set to an...

4.7CVSS5.8AI score0.00089EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/07 9:30 p.m.20 views

EUVD-2026-28422

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.8AI score0.00179EPSS
Exploits0References5
OSV
OSVadded 2026/05/07 8:16 p.m.2 views

DEBIAN-CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References1
NVD
NVDadded 2026/05/07 8:16 p.m.19 views

CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.3CVSS0.00179EPSS
Exploits0References4
UbuntuCve
UbuntuCveadded 2026/05/07 8:16 p.m.7 views

CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References7
OSV
OSVadded 2026/05/07 8:16 p.m.4 views

UBUNTU-CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References8
AlpineLinux
AlpineLinuxadded 2026/05/07 7:41 p.m.12 views

CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.3CVSS5.8AI score0.00179EPSS
Exploits0
Vulnrichment
Vulnrichmentadded 2026/05/07 7:41 p.m.8 views

CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.8AI score0.00179EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/07 7:41 p.m.11 views

CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.8AI score0.00179EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2026/05/07 7:21 p.m.8 views

GO-2026-4978 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References3
Rows per page
Query Builder