openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-29071 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-29071 Source advisory: OSV:GHSA-W9F8-GXF9-RHVW...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-29070 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-29070 Source advisory: OSV:GHSA-26GM-93RW-CCHF...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-29070 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-29070 Source advisory: SNYK:PYTHON-OPENWEBUI-15855407...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-28788 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-28788 Source advisory: SNYK:PYTHON-OPENWEBUI-15844831...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-28786 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-28786 Source advisory: OSV:GHSA-VVXM-VXMR-624H...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-28786 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-28786 Source advisory: SNYK:PYTHON-OPENWEBUI-15855399...

MLflow 信息泄露漏洞

MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. However, MLFlow has a vulnerability related to information leakage. This vulnerability stems from...

CVE-2026-3090

The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eventtype’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...

netfilter: xt_CT: drop pending enqueued packets on template removal

...

TOR Virtual Network Tunneling Tool 0.4.9.6

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...

Grafana Tempo 安全漏洞

Grafana Tempo is a distributed tracking data storage and querying system developed by Grafana in open source. There is a security vulnerability in Grafana Tempo, which stems from the /status/config endpoint exposing the S3 SSE-C encryption key in plain text. This could allow unauthorized users to...

Best Klaviyo Alternatives for Revenue Growth and Advanced Analytics

Top Klaviyo alternatives offer advanced analytics, automation, and insights to help e-commerce brands improve campaigns, boost revenue, and track performance...

EUVD-2026-15392

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtCT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...

SUSE CVE-2026-4728

Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

CVE-2026-4728

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the Privacy: Anti-Tracking component...

CVE-2026-23391

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtCT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...

CVE-2026-23391

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtCT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...

Nats-Server 安全漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used in Nats.io, cloud, and edge native messaging systems. There were security vulnerabilities in versions of Nats-Server from 2.11.0 to 2.11.15, as well as in version 2.12.6. These vulnerabilities stemmed from the ability of...

CVE-2026-33345 solidtime vulnerable to IDOR in private projects

solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint GET /api/v1/organizations/org/projects/project allows any authenticated Employee to access any project in the organization by UUID, including private projects they are not a member of. The index...

EUVD-2026-14996

solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint GET /api/v1/organizations/org/projects/project allows any authenticated Employee to access any project in the organization by UUID, including private projects they are not a member of. The index...