10 matches found
CVE-2026-45339
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When an API key is restricted from /api/v1/messages, requests using the Authorization: Bearer sk-...
EUVD-2026-30612
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When an API key is restricted from /api/v1/messages, requests using the Authorization: Bearer sk-...
CVE-2021-22006
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints...
PT-2025-6706 · Unknown · Yeqifu Carrental
Name of the Vulnerable Software and Affected Versions: yeqifu carRental version 1.0 Description: The issue allows a remote attacker to obtain sensitive information via the "file/downloadFile.action?path=" component. This is a Directory Traversal vulnerability, which can be exploited to access...
Enjay IT Solutions Enjay CRM Security Vulnerability
Enjay IT Solutions Enjay CRM is a customer relationship management software from Enjay IT Solutions, India. A security vulnerability exists in Enjay IT Solutions Enjay CRM version 1.0, which stems from a vulnerability that allows an attacker to escape a restricted endpoint environment and gain...
Enjay IT Solutions Enjay CRM Security Vulnerability
Enjay IT Solutions Enjay CRM is a customer relationship management software from Enjay IT Solutions, India. A security vulnerability exists in Enjay IT Solutions Enjay CRM version 1.0, which stems from a vulnerability that allows an attacker to escape a restricted endpoint environment and gain...
PT-2023-29920 · Apache · Apache
Name of the Vulnerable Software and Affected Versions: FOG versions prior to 1.5.10 Description: The issue affects FOG, a free open-source cloning/imaging/rescue suite/inventory management system. An endpoint intended for authenticated users to have limited enumeration abilities was accessible to...
Denial Of Service (DoS)
distribution is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to the /v2/catalog endpoint, which may cause Denial of Service conditions on systems running in a memory-restricted environment. The endpoint has an optional parameter n for the max amount of records...
PT-2022-23829 · D Link · Dir-816
Name of the Vulnerable Software and Affected Versions: D-link DIR-816 version 1.10CNB04 Description: The issue allows the router to reboot without authentication via the "/goform/doReboot" API endpoint. No authentication is required, and the reboot is executed when the function returns at the end...
Exploiting Oracle WebLogic by Remote Code Execution with a /console endpoint restricted
This article explains how to exploit Oracle WebLogic for remote code execution by using valid credentials. It's useful during black-box security audits, pentests, and infrastructure audits, including automated vulnerability scanning. To set up an example playground, we will use the following docke...