Lucene search

4 matches found

Positive Technologies
added 2026/05/14 12:0 a.m. | 10 views

PT-2026-41171

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.3. Description: Open WebUI renders user-uploaded Office files, such as Excel and DOCX, as HTML using the @html directive without applying DOMPurify sanitization. This lack of sanitization allows for Stored...

CVSS 5.4 | AI score 6 | EPSS 0.00209
Exploits 1 | References 8
RedhatCVE
added 2026/02/26 4:15 a.m. | 3 views

CVE-2026-27640

tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and...

CVSS 8.5 | AI score 5.4 | EPSS 0.00296
Exploits 0 | References 1
CVE
added 2026/02/25 3:52 a.m. | 11 views

CVE-2026-27640

CVE-2026-27640 affects tfplan2md prior to version 1.26.1. A bug in rendering paths for AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and hierarchical sensitivity detection caused sensitive values to render as non-masked strings instead of “(sensi...

CVSS 8.5 | AI score 5.4 | EPSS 0.00296
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2026/02/25 12:0 a.m. | 5 views

PT-2026-21856

Name of the Vulnerable Software and Affected Versions: tfplan2md versions prior to 1.26.1. Description: tfplan2md is software used to convert Terraform plan JSON files into Markdown reports. Versions of the software prior to 1.26.1 had a flaw where sensitive values that should have been masked as...

CVSS 8.5 | AI score 5.9 | EPSS 0.00296
Exploits 0 | References 11