
71 matches found

NVD
added 2026/06/10 8:17 p.m. | 7 views

CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

CVSS 8.4 | EPSS 0.00529
Exploits: 0 | References: 16
Vulnrichment
added 2026/06/10 7:46 p.m. | 8 views

CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

CVSS 8.4 | AI score 6.4 | EPSS 0.00529
Exploits: 0 | References: 3
CVE
added 2026/06/10 7:46 p.m. | 127 views

CVE-2026-46529

Technical details such as affected versions, impact, and remediation are not provided in the supplied documents; monitor for updates from official advisories.

CVSS 8.4 | AI score 6.5 | EPSS 0.00529
Exploits: 0 | References: 16
AlpineLinux
added 2026/06/10 7:46 p.m. | 13 views

CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

CVSS 8.4 | AI score 6.5 | EPSS 0.00529
Exploits: 0
Vulnrichment
added 2026/05/15 9:26 p.m. | 9 views

CVE-2026-45315 Open WebUI: Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

CVSS 8.7 | AI score 5.8 | EPSS 0.0018
Exploits: 1 | References: 1
ATTACKERKB
added 2026/05/15 9:26 p.m. | 13 views

CVE-2026-45315

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

CVSS 8.7 | AI score 5.8 | EPSS 0.0018
Exploits: 1 | References: 2 | Affected Software: 1
Github Security Blog
added 2026/05/14 8:17 p.m. | 10 views

Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions

Summary: The audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serves these files via FileResponse, which sets Content-Type from the on-disk extension and emits no...

CVSS 8.7 | AI score 6.2 | EPSS 0.0018
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2026/05/14 8:17 p.m. | 8 views

GHSA-M8F9-9WHG-F4XR Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions

Summary: The audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serves these files via FileResponse, which sets Content-Type from the on-disk extension and emits no...

CVSS 8.7 | AI score 6.2 | EPSS 0.0018
Exploits: 1 | References: 4
Packet Storm News
added 2026/05/14 12:0 a.m. | 12 views

Detecting Privilege Escalation in Polyglot Microservices Via Agentic Program Analysis

Microservices are widely adopted in modern cloud systems due to their scalability and fault tolerance. However, microservice architectures introduce significant complexity in privilege and permission control, creating risks of privilege escalation where attackers can gain unauthorized access to...

AI score 5.8
Exploits: 0
Positive Technologies
added 2026/05/14 12:0 a.m. | 12 views

PT-2026-41168

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.3. Description: An issue exists where the audio transcription upload endpoint uses the file extension from a user-supplied filename to save files. The '/cache/path' route serves these files via FileResponse, whic...

CVSS 8.7 | AI score 5.9 | EPSS 0.0018
Exploits: 1 | References: 7
RedhatCVE
added 2026/03/26 3:0 p.m. | 3 views

CVE-2026-33647

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An...

CVSS 8.8 | AI score 5.8 | EPSS 0.00639
Exploits: 1 | References: 1
EUVD
added 2026/03/25 5:45 p.m. | 5 views

EUVD-2026-14482

AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload...

CVSS 8.8 | AI score 5.9 | EPSS 0.00639
Exploits: 1 | References: 3
Github Security Blog
added 2026/03/25 5:45 p.m. | 6 views

AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload

Summary: The ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An attacker can upload a polyglot file valid JPEG magic bytes followed by PHP cod...

CVSS 8.8 | AI score 6.1 | EPSS 0.00639
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2026/03/25 5:45 p.m. | 4 views

GHSA-WXJW-PHJ6-G75W AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload

Summary: The ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An attacker can upload a polyglot file valid JPEG magic bytes followed by PHP cod...

CVSS 8.8 | AI score 6.1 | EPSS 0.00639
Exploits: 1 | References: 4
NVD
added 2026/03/23 7:16 p.m. | 3 views

CVE-2026-33647

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An...

CVSS 8.8 | EPSS 0.00639
Exploits: 1 | References: 2
CVE
added 2026/03/23 6:23 p.m. | 9 views

CVE-2026-33647

WWBN AVideo (versions up to 26.0) is affected by an RCE in ImageGallery::saveFile(), where MIME-type validation via finfo passes a polyglot file with a .php extension because the saved filename extension is derived from the user-provided name without an allowlist. An attacker can upload a file wit...

CVSS 8.8 | AI score 5.8 | EPSS 0.00639
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/03/23 6:23 p.m. | 3 views

CVE-2026-33647 AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An...

CVSS 8.8 | AI score 5.8 | EPSS 0.00639
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/23 12:0 a.m. | 6 views

PT-2026-27169

Name of the Vulnerable Software and Affected Versions: AVideo versions up to and including 26.0. Description: AVideo is an open source video platform. The ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00639
Exploits: 1 | References: 8
The Hacker News
added 2026/03/06 3:11 p.m. | 10 views

Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed...

AI score 6.1
Exploits: 0
CVE
added 2026/02/09 9:56 p.m. | 17 views

CVE-2026-25923

The CVE describes a vulnerability in My Little Forum (PHP/MySQL) where the URL validation fails to filter the phar:// protocol before 20260208.1. This allows an attacker to upload a malicious Phar Polyglot disguised as a JPEG, trigger Phar deserialization via BBCode [img] processing, and leverage...

CVSS 9.1 | AI score 5.8 | EPSS 0.00435
Exploits: 1 | References: 2 | Affected Software: 1