Lucene search
K

7 matches found

Snyk
Snyk
added 2026/06/17 5:55 p.m.6 views

Server-side Request Forgery (SSRF)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the validateurl process. An attacker can access internal network resources and sensitive information by supplying a URL that redirects to internal addresses, bypassing the...

7.7CVSS5.9AI score0.00287EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/17 2:15 p.m.4 views

Protection Mechanism Failure

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Protection Mechanism Failure via the profileimageurl field in the model metadata process. An attacker can execute arbitrary JavaScript in the context of another user's session by storing a crafted SVG payload...

7.6CVSS6.1AI score0.00174EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/11 7:40 p.m.17 views

Arbitrary Code Injection

Overview @nyariv/sandboxjs is a Javascript sandboxing library. Affected versions of this package are vulnerable to Arbitrary Code Injection via createFunction in executorUtils.ts. An attacker can escape the sandbox and execute arbitrary code in the host environment by leveraging access to interna...

10CVSS6.2AI score0.00472EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.5 views

CVE-2021-41260

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue...

8.8CVSS6.7AI score0.00434EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-41260

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross...

8.8CVSS7.8AI score0.00434EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.3 views

PT-2025-6207 · Openv2G · Openv2G

Name of the Vulnerable Software and Affected Versions: OpenV2G versions prior to 0.9.6 Description: A vulnerability has been identified in the OpenV2G EXI parsing feature, which is missing a length check when parsing X509 serial numbers. This allows an attacker to introduce a buffer overflow,...

6.9CVSS7.4AI score0.00369EPSS
Exploits0References6
OSV
OSV
added 2021/12/16 7:15 p.m.2 views

UBUNTU-CVE-2021-41262

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known...

8.8CVSS7.4AI score0.01051EPSS
Exploits0References4
Rows per page
Query Builder