4433 matches found
CVE-2026-54011
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...
CVE-2026-54011
Open WebUI vulnerability CVE-2026-54011 is a stored XSS in Mermaid Markdown Preview. Affected versions include main and 0.8.12; the Mermaid rendering uses securityLevel: 'loose' and injects SVG via innerHTML in the file preview path, enabling JavaScript execution in the app origin. The issue is c...
CVE-2026-54011 Open WebUI: Stored XSS in Mermaid Markdown Preview
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...
PT-2026-51430
Name of the Vulnerable Software and Affected Versions motionEye version 0.43.1 Description An absolute path traversal issue exists in the picture and movie API endpoints, such as '/picture/id/preview/filename'. The vulnerability occurs because the API handlers and functions get media preview and...
CVE-2026-56385
Craft CMS versions = 5.0.0-RC1, = 4.0.0-RC1, = 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an...
CVE-2026-56384
Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview...
CVE-2026-56385 Craft CMS - Authorization Bypass in assets/preview-file Endpoint
Craft CMS versions = 5.0.0-RC1, = 4.0.0-RC1, = 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an...
CVE-2026-56385
Craft CMS versions = 5.0.0-RC1, = 4.0.0-RC1, = 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an...
CVE-2026-56385
Craft CMS suffers an authorization bypass in the assets/preview-file endpoint. Versions affected: 5.0.0-RC1–5.9.13 and 4.0.0-RC1–4.17.7. An authenticated low-privileged user can supply an assetId for an asset they should not view and still receive preview data (previewHtml), including a private p...
EUVD-2026-38179
Craft CMS versions = 5.0.0-RC1, = 4.0.0-RC1, = 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an...
CVE-2026-56384
Craft CMS has a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview link for that...
EUVD-2026-38178
Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview...
CVE-2026-56384
Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview...
CVE-2026-56325
Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for appid lookup in the preview subdomain resolver, allowing underscore characters in appid to act as SQL wildcards. Attackers can create apps with appids differing by one character at underscore positions to cause...
EUVD-2026-38113
Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for appid lookup in the preview subdomain resolver, allowing underscore characters in appid to act as SQL wildcards. Attackers can create apps with appids differing by one character at underscore positions to cause...
CVE-2026-56325 Capgo - App ID Confusion via ILIKE Wildcard in Preview Subdomain Lookup
Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for appid lookup in the preview subdomain resolver, allowing underscore characters in appid to act as SQL wildcards. Attackers can create apps with appids differing by one character at underscore positions to cause...
CVE-2026-56325
Capgo CVE-2026-56325 affects Capgo versions prior to 12.128.2. The preview subdomain resolver uses ILIKE (case-insensitive) matching for app_id lookups instead of exact matching, allowing underscore characters to act as wildcards. This can cause unintended pattern matches, potentially breaking pr...
PT-2026-51144
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description The preview subdomain resolver uses ILIKE pattern matching instead of exact matching for app id lookup. This allows underscore characters within the app id to function as SQL wildcards. An attacker...
CVE-2026-49336
The CVE concerns @microsoft/kiota-http-fetchlibrary (TypeScript) in versions 1.0.0-preview.97–1.0.0-preview.101, where RedirectHandler’s scrubSensitiveHeaders uses case-sensitive deletion (delete headers.Authorization, delete headers.Cookie) on a headers object already lower-cased by FetchRequest...
PT-2026-51008
Name of the Vulnerable Software and Affected Versions @microsoft/kiota-http-fetchlibrary versions 1.0.0-preview.97 through 1.0.0-preview.101 Description The RedirectHandler in the library fails to properly remove sensitive headers during cross-origin redirects. While it is intended to strip...