Lucene search
K

7 matches found

CVE
CVE
added yesterday8 views

CVE-2026-60081

DBI::ProfileData for Perl contains a vulnerability in versions before 1.651 where the path index is not bounded. The path index column in profile dump files is used to allocate memory for the parser; an attacker could specify a large index and exhaust memory. A fix is available in DBI-1.651 (and ...

6.1AI score
Exploits0References4
NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-54021

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed Ollama proxy routes accept a caller-supplied urlidx path parameter and use it as a raw index into the admin-configured OLLAMABASEURLS list. Access...

6.3CVSS0.0021EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/17 6:1 p.m.5 views

Incorrect Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Incorrect Authorization through the getollamaurl process. An attacker can gain unauthorized access to restricted backend resources by supplying a crafted urlidx path parameter to route requests to internal or...

6.3CVSS5.9AI score0.0021EPSS
Exploits0References2
OSV
OSV
added 2026/02/24 8:39 p.m.6 views

GHSA-5R3V-VC8M-M96G Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport

Summary Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because strings.ToLower can change UTF-8 byte length for some characters. As a result, Caddy can deri...

9.3CVSS6.6AI score0.00542EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/22 12:2 a.m.7 views

CVE-2026-2897

A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be...

4.8CVSS3.8AI score0.00202EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-54895

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00397EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 12:0 a.m.17 views

CVE-2024-57154

CVE-2024-57154 concerns dts-shop v0.0.1-SNAPSHOT, where an improper access control mechanism allows an attacker to bypass authentication by sending a crafted payload to the /admin/auth/index endpoint. The vulnerability affects the authentication flow in the dts-shop application (version v0.0.1-SN...

9.8CVSS7.3AI score0.00397EPSS
Exploits0References1
Rows per page
Query Builder