Lucene search
K

7 matches found

Snyk
Snyk
added 2026/05/14 8:27 p.m.9 views

Server-side Request Forgery (SSRF)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the validateurl function in the URL parsing and request-routing path. An attacker can reach internal or loopback targets by supplying a URL containing a backslash, tab...

8.5CVSS5.8AI score0.00292EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/14 8:26 p.m.9 views

Missing Authentication for Critical Function

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the getstatus function. An attacker can access sensitive configuration details by sending an unauthenticated HTTP GET request to the affected endpoint...

6.9CVSS5.8AI score0.0072EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/10/21 6:53 p.m.5 views

uv has differential in tar extraction with PAX headers

Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution as a tar archive that would extract differently when installed via uv versus other Python package...

8.1CVSS7.6AI score0.00688EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/21 12:0 a.m.3 views

PT-2025-42899

Name of the Vulnerable Software and Affected Versions astral-tokio-tar versions prior to 0.5.6 async-tar versions prior to 0.5.6 tokio-tar versions prior to 0.5.6 Description astral-tokio-tar, async-tar, and tokio-tar are vulnerable to a boundary parsing issue due to inconsistent handling of...

9.4CVSS8.1AI score0.00688EPSS
Exploits2References101
CVE
CVE
added 2025/10/16 4:48 p.m.16 views

CVE-2025-58051

CVE-2025-58051 affects Nextcloud Tables. Prior to versions 0.7.6, 0.8.8, and 0.9.5, the app allowed a user importing a table to specify server files; if the file format is supported by PhpSpreadsheet, the file content could be leaked to the user via path traversal. This is a server-side disclosur...

6.5CVSS6.4AI score0.00485EPSS
Exploits0References3
Snyk
Snyk
added 2025/01/17 4:29 p.m.3 views

Improper Restriction of Rendered UI Layers or Frames

Overview nbgrader is an A system for assigning and grading notebooks Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames due to the improper configuration of the frame-ancestors directive. An attacker can extract sensitive content by crafting...

8.6CVSS7AI score0.00453EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/02/15 12:0 a.m.2 views

PT-2022-8093 · Hashicorp · Hashicorp Nomad

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad versions 0.5.0 through 0.9.4 Description: The issue reveals unintended environment variables to the rendering task during template rendering. This applies to the nomad/client/allocrunner/taskrunner/template module...

5.3CVSS6.8AI score0.00589EPSS
Exploits0References17
Rows per page
Query Builder