7 matches found

Cvelist
added 2026/04/06 5:30 p.m. · 18 views

CVE-2026-35050 text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at "Session -> Save extention settings to user_data/settings.yaml".

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extension settings in "py" format and in the app root directory. This allows Python files to be overwritten; for instance, the "download-model.py" file could be overwritten. Then, thi...

CVSS 9.1 · EPSS 0.00095
Exploits: 1 · References: 1
OSV
added 2026/03/13 9:22 p.m. · 1 views

CVE-2026-32715 AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...

CVSS 3.8 · AI score 5.8 · EPSS 0.00047
Exploits: 1 · References: 4
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2021-29509

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00221
Exploits: 0 · References: 1
Positive Technologies
added 2024/03/20 12:0 a.m. · 1 views

PT-2024-18355 · WordPress · Revivepress

Name of the Vulnerable Software and Affected Versions: RevivePress – Keep your Old Content Evergreen plugin for WordPress versions up to, and including, 1.5.6 Description: The issue allows unauthorized access and modification of data due to a missing capability check on the import data and copy...

CVSS 4.3 · AI score 9.3 · EPSS 0.00098
Exploits: 0 · References: 5
Prion
added 2023/10/02 8:15 p.m. · 12 views

Code injection

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...

CVSS 6.5 · AI score 8.9 · EPSS 0.03503
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2023/10/02 12:0 a.m. · 14 views

CVE-2023-43835

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...

AI score 9.2 · EPSS 0.03503
Exploits: 1 · References: 1
CNVD
added 2020/08/12 12:0 a.m. · 2 views

Mozilla Firefox ESR Resource Management Error Vulnerability (CNVD-2020-46332)

Mozilla Firefox ESR is an extended support release of Firefox web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox ESR versions prior to 68.11 for Android-based platforms. The vulnerability can be exploited by an attacker with the help o...

CVSS 5.5 · AI score 6.4 · EPSS 0.00162
Exploits: 0 · References: 1