7 matches found
Server-side Request Forgery (SSRF)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the validateurl function in the URL parsing and request-routing path. An attacker can reach internal or loopback targets by supplying a URL containing a backslash, tab...
Missing Authentication for Critical Function
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the getstatus function. An attacker can access sensitive configuration details by sending an unauthenticated HTTP GET request to the affected endpoint...
uv has differential in tar extraction with PAX headers
Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution as a tar archive that would extract differently when installed via uv versus other Python package...
PT-2025-42899
Name of the Vulnerable Software and Affected Versions astral-tokio-tar versions prior to 0.5.6 async-tar versions prior to 0.5.6 tokio-tar versions prior to 0.5.6 Description astral-tokio-tar, async-tar, and tokio-tar are vulnerable to a boundary parsing issue due to inconsistent handling of...
CVE-2025-58051
CVE-2025-58051 affects Nextcloud Tables. Prior to versions 0.7.6, 0.8.8, and 0.9.5, the app allowed a user importing a table to specify server files; if the file format is supported by PhpSpreadsheet, the file content could be leaked to the user via path traversal. This is a server-side disclosur...
Improper Restriction of Rendered UI Layers or Frames
Overview nbgrader is an A system for assigning and grading notebooks Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames due to the improper configuration of the frame-ancestors directive. An attacker can extract sensitive content by crafting...
PT-2022-8093 · Hashicorp · Hashicorp Nomad
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad versions 0.5.0 through 0.9.4 Description: The issue reveals unintended environment variables to the rendering task during template rendering. This applies to the nomad/client/allocrunner/taskrunner/template module...