Lucene search
K

4 matches found

CVE
CVE
added yesterday9 views

CVE-2026-14653

SourceCodester Simple and Nice Shopping Cart Script 1.0 contains an SQL injection in /admin/mensproductdeletequery.php exposed by manipulating the user_id argument. The vulnerability is remotely exploitable (attack vector: NETWORK) with LOW to MEDIUM impacts per CVSS data: Confidentiality, Integr...

7.5CVSS6.8AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/15 8:0 p.m.6 views

CVE-2026-44550

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses modelconfig = ConfigDictextra='allow', which permits arbitrary fields to pass through Pydantic validation and be included in modeldumpexcludeunset=True. In...

5CVSS6AI score0.00287EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from FolderForm using modelconfig = ConfigDictextra=allow, which allowed arbitrary fields to ...

5CVSS5.9AI score0.00287EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/11 9:31 p.m.5 views

EUVD-2019-19764

Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit POST requests with crafted SQL payloads in the userid field to bypass authentication and extract...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
Rows per page
Query Builder