Lucene search
K

6125 matches found

Nuclei
Nuclei
added 10 hours ago122 views

Simple Task Managing System v1.0 - SQL Injection

SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database queries. id:...

9.8CVSS7.1AI score0.20693EPSS
Exploits5References5
NVD
NVD
added yesterday3 views

CVE-2026-15557

A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This...

7.5CVSS0.00507EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday25 views

CVE-2026-15557 waooAI waoowaoo Internal Task Header api-auth.ts requireProjectAuthLight improper authentication

A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This...

7.5CVSS0.00507EPSS
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-15557

CVE-2026-15557 affects waooAI waoowaoo up to version 0.4.1. The vulnerability resides in the Internal Task Header Handler’s API-auth logic (functions getInternalTaskSession, getAuthSession, requireUserAuth, requireProjectAuth, requireProjectAuthLight in src/lib/api-auth.ts). Malicious manipulatio...

7.5CVSS6.7AI score0.00507EPSS
Exploits0References6
NVD
NVD
added 2 days ago9 views

CVE-2026-15499

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/crontools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload"note" results in improper authorization...

6.5CVSS0.00201EPSS
Exploits0References5
CVE
CVE
added 2 days ago8 views

CVE-2026-15499

AstrBotDevs AstrBot (versions up to 4.25.2) contains a vulnerability in the function FutureTaskTool.call (astrbot/core/tools/cron_tools.py). Manipulating payload["note"] leads to improper authorization, enabling remote exploitation. Public exploit availability is reported. No remediation details ...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References5
Oracle linux
Oracle linux
added 4 days ago5 views

Unbreakable Enterprise kernel security update

5.15.0-322.203.3.3 - locking/rtmutex: Skip removewaiter when waiter is not enqueued Davidlohr Bueso Orabug: 39706512 - rtmutex: Use waiter::task instead of current in removewaiter Keenan Dong Orabug: 39706512 CVE-2026-43499 5.15.0-322.203.3.2 - KVM: x86/mmu: Ensure hugepage is in by slot before...

7.8CVSS7AI score0.00125EPSS
Exploits12
Oracle linux
Oracle linux
added 4 days ago5 views

Unbreakable Enterprise kernel security update

5.4.17-2136.357.3.2 - locking/rtmutex: Skip removewaiter when waiter is not enqueued Davidlohr Bueso Orabug: 39706958 - rtmutex: Use waiter::task instead of current in removewaiter Keenan Dong Orabug: 39706958 CVE-2026-43499 5.4.17-2136.357.3.1 - KVM: x86: Fix shadow paging use-after-free due to...

7.8CVSS6.9AI score0.00125EPSS
Exploits12
Amazon
Amazon
added 4 days ago4 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter CVE-2026-43499 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about...

7.8CVSS6.6AI score0.00125EPSS
Exploits12
Amazon
Amazon
added 4 days ago5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter CVE-2026-43499 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about...

7.8CVSS6.6AI score0.00125EPSS
Exploits12
NVD
NVD
added 5 days ago8 views

CVE-2026-59225

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...

6.3CVSS0.00211EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-59225 Open WebUI: Arena task endpoints can bypass underlying model access controls

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...

5.4CVSS0.00211EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago11 views

CVE-2026-59225

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...

5.4CVSS6AI score0.00211EPSS
Exploits0References5Affected Software1
CVE
CVE
added 5 days ago14 views

CVE-2026-59225

Open WebUI vulnerability CVE-2026-59225 affects versions 0.8.12 up to before 0.10.0. An authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model via task endpoints like /api/v1/tasks/moa/completions. The normal chat flow re-checks submodel ac...

6.3CVSS6AI score0.00211EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42639

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...

5.4CVSS6AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56888

Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.8.12 through 0.9.x Description An authenticated non-admin user with read access to an arena wrapper model can access a restricted underlying model. This occurs because task endpoints, such as...

6.3CVSS6.2AI score0.00211EPSS
Exploits0References9
NVD
NVD
added 6 days ago7 views

CVE-2026-14891

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS0.00316EPSS
Exploits0References1
CVE
CVE
added 6 days ago15 views

CVE-2026-14891

HashiCorp Nomad and Nomad Enterprise are affected by a sandbox escape in the Docker task driver that can allow a job submitter to bind-mount a host path into a container, potentially enabling reading/writing host files even when volume bind mounts are disabled. Affected versions include Nomad Com...

8.7CVSS6AI score0.00316EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-53951 Copier: trust-prefix bypass via path traversal runs tasks unprompted

Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match copier/settings.py compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the...

8.8CVSS0.00189EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago3 views

kernel: procfs: fix missing RCU protection when reading real_parent in do_task_stat()

A flaw was found in the Linux kernel's procfs component. When reading /proc/pid/stat, the dotaskstat function accesses task-realparent without proper Read-Copy-Update RCU protection. This missing protection creates a race condition, which can lead to a Use-After-Free UAF vulnerability. A local...

7.8CVSS5.9AI score0.0012EPSS
Exploits0References5
Rows per page
Query Builder