866 matches found
CVE-2026-27130
CVE-2026-27130 affects Dokploy (PaaS) versions ≤ 0.26.6. The vulnerability is an OS command injection in the appName parameter, caused by three chained issues: inadequate input sanitization (cleanAppName only lowers case and replaces spaces), lack of schema validation, and direct interpolation of...
CVE-2026-45350
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chatcompletion API, t...
EUVD-2026-30652
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chatcompletion API, t...
Open WebUI Security Vulnerability
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained security vulnerabilities. These vulnerabilities stemmed from the chat completion API, where tool IDs and server parameters were provided by users witho...
GHSA-4PCG-253R-RF9W Open WebUI's chat completion API allows tool restrictions to be bypassed
Summary: Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. Details: In the chatcompletion API, the parameters toolids and toolservers are supplied by the user. These...
CVE-2026-5029
A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...
PT-2026-40542
Name of the Vulnerable Software and Affected Versions: esm.sh versions 137 and earlier. Description: The legacy router retrieves a response from legacyServer, parses the request path, and writes data to storage using the buildStorage.Put function. Because the router concatenates path components...
Indico OS Command Injection Vulnerability
Indico is an open-source event management system with rich functionality. Versions of Indico prior to 3.3.12 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the LaTeXLive vulnerability and ambiguous LaTeX syntax that could be exploited by...
PT-2026-41180
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.8.6. Description: A flaw in the chat completion API allows users to bypass tool restrictions, potentially leading to unauthorized actions or access. In the '/api/chat/completions' endpoint, the tool ids and tool...
CVE-2025-61943 AVEVA Process Optimization SQL Injection
The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Standard User to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server...
Command Injection Vulnerability in FineReport, FineBI, and FineDataLink of SailSoft Software Ltd.
FineReport is a leading enterprise-grade web reporting tool. FineBI is a new generation of self-service BI tools. FineDataLink is a low-code/high-time-efficiency enterprise-grade one-stop data integration and governance platform product. A command injection vulnerability exists in FineReport, FineB...
phpMyAdmin 5.0.0 - SQL Injection
Exploit Title: phpMyAdmin 5.0.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpmyadmin/phpmyadmin/ Software Link: https://github.com/phpmyadmin/phpmyadmin/ Version: 5.0.0 Tested on: Windows CVE : CVE-2020-5504 Proof Of Concept GET...
phpMyAdmin 5.0.0 SQL Injection
phpMyAdmin version 5.0.0 suffers from a remote SQL injection vulnerability. Exploit Title: phpMyAdmin 5.0.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpmyadmin/phpmyadmin/ Software Link: https://github.com/phpmyadmin/phpmyadmin/ Version: 5.0....
Remote Code Execution Vulnerability in U8 Cloud of UFIDA Network Technology Co.
U8 Cloud is a new-generation cloud ERP (Enterprise Resource Planning) solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A remote code execution vulnerability exists in UFIDA U8 Cloud, which can be...
EUVD-2005-4445
Malware in sbrugna...
EUVD-2001-1088
Malware in sbrugna...
EUVD-2013-3740
Malware in sbrugna...
EUVD-2013-1567
Malware in sbrugna...
EUVD-2018-10819
Malware in sbrugna...