Lucene search
K

54 matches found

NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-54013

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in user profile images and webhook profile images but forgot to apply the same fix to model profile images. The ModelMeta class has no...

7.6CVSS0.00174EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:46 p.m.34 views

CVE-2026-54013 Open WebUI: Stored XSS to Account Takeover via Model Profile Images in Open WebUI

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in user profile images and webhook profile images but forgot to apply the same fix to model profile images. The ModelMeta class has no...

7.6CVSS0.00174EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:46 p.m.15 views

CVE-2026-54013

CVE-2026-54013 describes a stored XSS in Open WebUI where the model profile image URL could be a data:image/svg+xml;base64 payload. The root cause is missing input validation on ModelMeta.profile_image_url and missing output protections in the model image endpoint (no MIME allowlist, no nosniff, ...

7.6CVSS5.8AI score0.00174EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.10 views

PT-2026-50485

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI contains a stored Cross-Site Scripting XSS issue where the platform fails to validate profile images for models. While similar issues were patched for user and webhook profile images, t...

7.6CVSS5.9AI score0.00174EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/13 12:34 a.m.9 views

EUVD-2026-36628

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content...

5.3CVSS5.2AI score0.00183EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 10:16 p.m.10 views

CVE-2026-53867

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content...

5.3CVSS0.00183EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:57 p.m.13 views

CVE-2026-53867 Capgo < 12.128.2 - Orphaned File Retention via Profile Image Replacement

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content...

5.3CVSS5.2AI score0.00183EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 2:23 p.m.8 views

EUVD-2026-36454

Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0...

6.9CVSS5.3AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.8 views

PT-2026-49044

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description The software fails to delete previously uploaded profile images from backend storage when users replace or remove them. This results in orphaned image files that can be accessed by attackers through...

5.3CVSS5.2AI score0.00183EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 9:16 a.m.12 views

CVE-2026-34031

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to...

6.5CVSS0.00403EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 7:34 a.m.8 views

EUVD-2026-35370

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to...

6.5CVSS5.5AI score0.00403EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47716

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description The server fails to sufficiently validate user-supplied image URLs. This allows arbitrary external content to be embedded as profile images, potentially exposing users to unintended external...

6.5CVSS5.5AI score0.00403EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.10 views

MyBB Timeline Plugin 跨站脚本漏洞

The MyBB Timeline Plugin is a plugin provided by MyBB Corporation that offers dynamic timeline displays and social activity stream functions for MyBB forums. Version 1.0 of the MyBB Timeline Plugin contained a cross-site scripting vulnerability. This vulnerability stemmed from cross-site scriptin...

6.9CVSS5.6AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.2 views

CVE-2025-69727

An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components index.js and composeUrlImgPhotoIndividu allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to...

5.3CVSS5.9AI score0.00243EPSS
Exploits0References1
NVD
NVD
added 2026/03/16 7:16 p.m.6 views

CVE-2025-69727

An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components index.js and composeUrlImgPhotoIndividu allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to...

5.3CVSS0.00243EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/16 12:0 a.m.1 views

CVE-2025-69727

An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components index.js and composeUrlImgPhotoIndividu allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to...

5.8AI score0.00243EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 12:0 a.m.7 views

CVE-2025-69727

CVE-2025-69727 affects INDEX-EDUCATION PRONOTE

5.3CVSS5.8AI score0.00243EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/16 12:0 a.m.26 views

CVE-2025-69727

An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components index.js and composeUrlImgPhotoIndividu allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to...

0.00243EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

INDEX ÉDUCATION PRONOTE 安全漏洞

INDEX ÉDUCATION PRONOTE is an educational management platform developed by the French company INDEX ÉDUCATION. Versions of INDEX ÉDUCATION PRONOTE prior to version 2025.2.8 contained security vulnerabilities. These vulnerabilities were due to improper access control, which could allow unverified...

5.3CVSS5.8AI score0.00243EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/05 9:13 a.m.8 views

CVE-2026-1271 ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pmuploadimage' and 'pmuploadcoverimage' AJAX actions. This is due to the updateusermeta function being called outsi...

5.3CVSS5.4AI score0.00315EPSS
Exploits0References6
Rows per page
Query Builder