CVE-2026-45396

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

CVE-2026-45396 Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

CVE-2019-11697

If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on th...

CVE-2025-14273

Mattermost with the Jira plugin enabled is affected by CVE-2025-14273. The issue is an improper authentication/authorization flaw in which Mattermost Jira plugin versions <= 4.4.0 fail to enforce authentication and issue-key path restrictions, enabling an unauthenticated attacker who knows a v...

CVE-2025-14273 Mattermost Jira plugin user spoofing enables Jira request forgery.

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...

EUVD-2012-2344

Malware in sbrugna...

EUVD-2020-25537

Malware in sbrugna...

EUVD-2001-1338

Malware in sbrugna...

EUVD-2002-0312

Malware in sbrugna...

EUVD-2002-0008

Malware in sbrugna...

EUVD-2007-1180

Malware in sbrugna...

EUVD-2016-0374

Malware in sbrugna...

EUVD-2017-14433

Malware in sbrugna...

EUVD-2022-27928

Malicious code in bioql PyPI...

EUVD-2022-0962

Malicious code in bioql PyPI...

EUVD-2022-53136

Malicious code in bioql PyPI...

EUVD-2025-22333

Malicious code in bioql PyPI...

CVE-2025-51862

Insecure Direct Object Reference IDOR vulnerability in TelegAI telegai.com thru 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper other users' conversation. Additionally, malicious contents and XSS payloads can be injected, leading to phishing attack, user spoofing and...

CVE-2025-51862

Insecure Direct Object Reference IDOR vulnerability in TelegAI telegai.com thru 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper other users' conversation. Additionally, malicious contents and XSS payloads can be injected, leading to phishing attack, user spoofing and...

CVE-2025-51862

Insecure Direct Object Reference IDOR vulnerability in TelegAI telegai.com thru 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper other users' conversation. Additionally, malicious contents and XSS payloads can be injected, leading to phishing attack, user spoofing and...