CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

94 matches found

RedhatCVE•added 2026/05/19 7:57 a.m.•5 views

CVE-2026-45675

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU Time-of-Check-Time-of-Use pattern for first-user admin role assignment. The regular signup handler signuphandler in auths.py, line...

8.1CVSS5.9AI score0.00115EPSS

Exploits1References1

NVD•added 2026/05/15 8:16 p.m.•4 views

CVE-2026-45675

8.1CVSS0.00115EPSS

Exploits1References3

Cvelist•added 2026/05/15 7:12 p.m.•30 views

CVE-2026-45675 Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts

8.1CVSS0.00115EPSS

Exploits1References3

Github Security Blog•added 2026/05/14 8:28 p.m.•3 views

Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts

Summary The LDAP and OAuth authentication flows use a TOCTOU Time-of-Check-Time-of-Use pattern for first-user admin role assignment. The regular signup handler signuphandler in auths.py, line 663 was explicitly patched to prevent this race with the comment "Insert with default role first to avoid...

8.1CVSS5.8AI score0.00115EPSS

Exploits1References6Affected Software1

RedhatCVE•added 2026/05/12 8:22 p.m.•3 views

CVE-2026-44987

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...

3.8CVSS5.7AI score0.00025EPSS

Exploits0References1

NVD•added 2026/05/08 11:16 p.m.•7 views

CVE-2026-44987

3.8CVSS0.00025EPSS

Exploits0References2

EUVD•added 2026/05/08 9:59 p.m.•4 views

EUVD-2026-28870

3.8CVSS5.7AI score0.00025EPSS

Exploits0References2

CVE•added 2026/05/08 9:59 p.m.•5 views

CVE-2026-44987

SysReptor (fully customizable pentest reporting platform) has a privilege-escalation issue in versions before 2026.29: users with User Admin permissions can change the emails of users with Superuser permissions. If the installed forgot-password feature is enabled (non-default), these users can re...

3.8CVSS5.7AI score0.00025EPSS

Exploits0References2

Cvelist•added 2026/05/08 9:59 p.m.•29 views

CVE-2026-44987 SysReptor: Privilege Escalation from User Admin to Superuser

3.8CVSS0.00025EPSS

Exploits0References2

Vulnrichment•added 2026/05/08 9:59 p.m.•3 views

CVE-2026-44987 SysReptor: Privilege Escalation from User Admin to Superuser

3.8CVSS5.7AI score0.00025EPSS

Exploits0References2

Positive Technologies•added 2026/05/08 12:0 a.m.•7 views

PT-2026-39211

Name of the Vulnerable Software and Affected Versions SysReptor versions prior to 2026.29 Description Users with "User Admin" permissions can modify the email addresses of users with "Superuser" permissions. When the "Forgot Password" functionality is enabled, these users can reset Superuser...

3.8CVSS5.8AI score0.00025EPSS

Exploits0References4

Tenable Nessus•added 2025/12/05 12:0 a.m.•2 views

rConfig RCE (CVE-2020-10221)

The version of rConfig installed on the remote host is affected by a remote code executionvulnerability, as follows: - The flaw exists due to insufficient input validation in the userAdmin.inc.php component, which allows an unauthenticated attacker to upload arbitrary files to the server. By...

9CVSS8.5AI score0.91391EPSS

Exploits5References2

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2019-2434

Malware in sbrugna...

8.8CVSS8.8AI score0.00307EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2006-4375

Malware in sbrugna...

4.6CVSS6.4AI score0.0009EPSS

Exploits0References8