7 matches found
CVE-2026-60081
DBI::ProfileData for Perl contains a vulnerability in versions before 1.651 where the path index is not bounded. The path index column in profile dump files is used to allocate memory for the parser; an attacker could specify a large index and exhaust memory. A fix is available in DBI-1.651 (and ...
CVE-2026-54021
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed Ollama proxy routes accept a caller-supplied urlidx path parameter and use it as a raw index into the admin-configured OLLAMABASEURLS list. Access...
Incorrect Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Incorrect Authorization through the getollamaurl process. An attacker can gain unauthorized access to restricted backend resources by supplying a crafted urlidx path parameter to route requests to internal or...
GHSA-5R3V-VC8M-M96G Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport
Summary Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because strings.ToLower can change UTF-8 byte length for some characters. As a result, Caddy can deri...
CVE-2026-2897
A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be...
EUVD-2024-54895
Malicious code in bioql PyPI...
CVE-2024-57154
CVE-2024-57154 concerns dts-shop v0.0.1-SNAPSHOT, where an improper access control mechanism allows an attacker to bypass authentication by sending a crafted payload to the /admin/auth/index endpoint. The vulnerability affects the authentication flow in the dts-shop application (version v0.0.1-SN...