CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/01/23 3:28 a.m.•31 views

CVE-2026-0766

Open WebUI contains a vulnerability in load_tool_module_by_id that allows remote code execution via command injection. The flaw comes from insufficient validation of a user-supplied string before it is used to execute Python code, enabling an attacker to run arbitrary code in the service account’...

8.8CVSS6.5AI score0.27227EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/01/23 3:28 a.m.•29 views

CVE-2026-0766 Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability

Open WebUI loadtoolmodulebyid Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS0.27227EPSS

Vulnrichment•added 2026/01/23 3:28 a.m.•5 views

CVE-2026-0766 Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability

8.8CVSS6.5AI score0.27227EPSS

ATTACKERKB•added 2026/01/23 3:28 a.m.•3 views

CVE-2026-0766

8.8CVSS6.3AI score0.27227EPSS

Exploits1References2Affected Software1

Chainguard•added 2026/01/23 1:20 a.m.•5 views

CVE-2026-22807 vulnerabilities

Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0, py3-vllm-cuda-12.4, tritonserver-backend-vllm-cuda-12.9...

9.8CVSS6.6AI score0.00542EPSS

Exploits1

SUSE CVE•added 2026/01/23 12:56 a.m.•5 views

SUSE CVE-2025-15523

MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...

4.8CVSS5.7AI score0.00146EPSS

Exploits0References3

CNNVD•added 2026/01/23 12:0 a.m.•6 views

Langflow code injection vulnerability

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a code injection vulnerability, which arises from the possibility of introducing custom code when handling Python function components. This vulnerability may lead t...

7.1CVSS7.4AI score0.00551EPSS

Tenable Nessus•added 2026/01/23 12:0 a.m.•4 views

Debian dla-4446 : python3-urllib3 - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4446 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4446-1 [email protected] https://www.debian.org/lts/security/...

8.9CVSS5.6AI score0.0068EPSS

Exploits0References4

CNNVD•added 2026/01/23 12:0 a.m.•4 views

CPython security vulnerabilities

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security vulnerability that stems from the email module’s improper handling of line breaks during email serialization, which may lead to header injection attacks...

6CVSS6.8AI score0.00737EPSS

OpenVAS•added 2026/01/23 12:0 a.m.•5 views

Debian: Security Advisory (DLA-4446-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.9CVSS5.5AI score0.0068EPSS

Exploits0References2

Tenable Nessus•added 2026/01/23 12:0 a.m.•4 views

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1367)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1367 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server...

8.9CVSS5.9AI score0.00622EPSS

Amazon•added 2026/01/23 12:0 a.m.•7 views

Medium: python-pip

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...

8.9CVSS7.3AI score0.00622EPSS

Tenable Nessus•added 2026/01/23 12:0 a.m.•5 views

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1366)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1366 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server...

8.9CVSS5.9AI score0.00622EPSS

Amazon•added 2026/01/23 12:0 a.m.•9 views

Medium: python3.11-pip

8.9CVSS7.3AI score0.00622EPSS

Tenable Nessus•added 2026/01/23 12:0 a.m.•3 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1368)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1368 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server...

8.9CVSS5.9AI score0.00622EPSS

OSV•added 2026/01/23 12:0 a.m.•3 views

DLA-4446-1 python-urllib3 - security update

Bulletin has no description...

8.9CVSS5AI score0.0068EPSS

Debian•added 2026/01/22 10:26 p.m.•6 views

[SECURITY] [DSA 6102-2] python-urllib3 regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-6102-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 22, 2026 https://www.debian.org/security/faq -...

8.9CVSS5.4AI score0.0068EPSS