CVE-2026-41258

OpenMRS Core prior to 2.7.9 and 2.8.6 is vulnerable to stored Velocity SSTI that leads to RCE. The issue occurs when evaluateCriteria() processes database-stored criteria as Velocity templates without sandboxing, with VelocityEngine initialized for logging only and no Secure Uberspector, allowing...

MINI-GJ2C-7HFX-J5V6

Bulletin has no description...

ECHO-A82D-5A43-BEF7

Bulletin has no description...

ECHO-50E5-DFFB-2CC0

Bulletin has no description...

CVE-2024-21962

Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution...

CVE-2026-44662

creationtimestamp| type| source ---|---|--- 2026-05-15 01:19:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlu63ckcem2t...

PT-2026-41418

wow CVE-2026-22931203921321321...

OpenMRS 代码注入漏洞

OpenMRS is an open-source electronic health record system developed by OpenMRS Inc. Versions of OpenMRS from 2.7.0 to 2.7.9 and before 2.8.6 have a code injection vulnerability. This vulnerability arises from the ConceptReferenceRangeUtility.evaluateCriteria method, which evaluates condition...

Open WebUI < 0.9.5 Multiple Vulnerabilities

The version of Open WebUI running on the remote host is prior to 0.9.5. It is, therefore, affected by multiple vulnerabilities: - An insecure direct object reference IDOR vulnerability in the retrieval API allows any authenticated user who knows a private knowledge base UUID to bypass access...

MINI-JC9C-Q4C5-324F

Bulletin has no description...

MINI-6XFV-8RWH-33RV

Bulletin has no description...

GHSA-X3QM-P8HR-3C3H Open WebUI has an Indirect Object Reference (IDOR) in user notes

Summary The API /api/v1/notes/noteid endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. This results in unauthorized disclosure of potentially sensitive or private user data. Details - if notes is...

Open WebUI has an Indirect Object Reference (IDOR) in user notes

Summary The API /api/v1/notes/noteid endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. This results in unauthorized disclosure of potentially sensitive or private user data. Details - if notes is...

hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45400 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45400 Source advisory: SNYK:PYTHON-OPENWEBUI-16755281...

CVE-2026-44544

gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...

CVE-2026-44544

gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...

UBUNTU-CVE-2026-44544

gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...

CVE-2026-32643

creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/f5-products-multiple-vulnerabilities20260515...

CVE-2026-7805

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-3258. Reason: This candidate is a reservation duplicate of CVE-2026-3258. Notes: All CVE users should reference CVE-2026-3258instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

CVE-2026-44544

Summary of the vulnerability (CVE-2026-44544) : In gittuf, before version 0.14.0, an attacker with push access to the Reference State Log (RSL) could roll back the current policy to a previously trusted version by inserting an RSL entry that references an older policy. This works because policy l...