Lucene search
K

1070 matches found

Cvelist
Cvelist
added 2026/05/27 5:9 p.m.42 views

CVE-2026-45716 Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

8.8CVSS0.00261EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

Bugsink 安全漏洞

Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Versions of Bugsink prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the event pages did not require events to be issues within URLs, which could allow authenticat...

3.1CVSS5.8AI score0.00154EPSS
Exploits0References3
CVE
CVE
added 2026/05/22 4:50 p.m.41 views

CVE-2026-33712

Technical details (affected version, root cause, exploit, or patch specifics) are not publicly available in the provided documents. Monitor for updates.

10CVSS5.8AI score0.00347EPSS
Exploits1References2
OSV
OSV
added 2026/05/19 7:49 p.m.26 views

GHSA-HCF7-66RW-9F5R Turbo: Login callback CSRF/session fixation

Impact Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a request to the local callback server with an attacker-controlled token. If accepted before the...

5.1CVSS5.8AI score0.00124EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/19 7:49 p.m.12 views

EUVD-2026-30553

Trubo: Login callback CSRF/session fixation...

6.5CVSS5.8AI score0.00124EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 7:49 p.m.13 views

Turbo: Login callback CSRF/session fixation

Impact Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a request to the local callback server with an attacker-controlled token. If accepted before the...

6.5CVSS5.8AI score0.00124EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/19 1:56 p.m.10 views

CVE-2026-45365

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated...

5.4CVSS5.8AI score0.00193EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/19 1:58 a.m.12 views

CVE-2026-45672

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is...

8.8CVSS6AI score0.00406EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/05/19 1:58 a.m.12 views

CVE-2026-45351

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of...

6.5CVSS5.8AI score0.00281EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.67 views

📄 Bichon 1.0.2 Privilege Escalation

Bichon version 1.0.2 suffers from a vertical privilege escalation vulnerability via the account role assignment functionality. Bichon 1.0.2 Vertical Privilege Escalation via Account Role Assignment ====================================================================== Vendor: rustmailer Product:...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/16 10:15 a.m.226 views

Exploit for Server-Side Request Forgery in Vercel Next.Js

CVE-2026-44578 — Next.js WebSocket Upgrade SSRF Pre-authentic...

8.6CVSS5.8AI score0.38696EPSS
Exploits9
NVD
NVD
added 2026/05/15 10:16 p.m.20 views

CVE-2026-45667

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDINGFUNCTION.... This allows any unauthenticated caller to trigger embedding generati...

6.5CVSS0.00341EPSS
Exploits1References1
NVD
NVD
added 2026/05/15 10:16 p.m.14 views

CVE-2026-45365

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated...

5.4CVSS0.00193EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 9:46 p.m.13 views

EUVD-2026-30667

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery SSRF vulnerability exists in processpictureurl in backend/openwebui/utils/oauth.py line 1338. The function fetches arbitrary URLs from OAuth picture...

7.7CVSS6AI score0.00381EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 9:45 p.m.13 views

CVE-2026-44549

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheettohtml to embed an XSS payload into the generated...

7.3CVSS5.8AI score0.00318EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/15 9:44 p.m.20 views

EUVD-2026-30661

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profileimageurl field on the user profile update form accepted arbitrary data: URI values without MIME-type validation, resulting in a XSS vulnerability. This vulnerability is...

5.4CVSS5.9AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 9:42 p.m.20 views

EUVD-2026-30664

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 9:41 p.m.47 views

CVE-2026-45667 Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDINGFUNCTION.... This allows any unauthenticated caller to trigger embedding generati...

6.5CVSS0.00341EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 9:40 p.m.8 views

CVE-2026-44565

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with nam...

8.1CVSS5.8AI score0.00454EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/15 9:40 p.m.18 views

EUVD-2026-30640

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with nam...

8.1CVSS5.8AI score0.00454EPSS
Exploits1References1
Rows per page
Query Builder