CVE-2026-45671
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/id when the target file is referenced in any shared chat. The has_access_to_file...
EUVD-2026-16482
Open WebUI's process_files_batch endpoint missing ownership check, allows unauthorized file overwrite...
Insecure Direct Object Reference (IDOR)
pretix is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient authorization checks on file UUIDs, which allows an attacker to access sensitive files of other users by manipulating or guessing valid UUID values...
AlmaLinux 10 : keylime (ALSA-2025:23201)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:23201 advisory. keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration (CVE-2025-13609) Tenable has extracted the preceding description block directl...
SUSE-SU-2025:21194-1 Security update for keylime
This update for keylime fixes the following issues: Update to version 7.13.0+40. Security issues fixed: - CVE-2025-13609: possible agent identity takeover due to registrar allowing the registration of agents with duplicate UUIDs (bsc#1254199). - CVE-2025-1057: registrar denial-of-service due to...
CVE-2025-66565
Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator crypto/rand fails, both functions silently fall back to returning predictable UUID values, including the zero UUID...
EUVD-2025-201910
Malicious code in chai-uuids npm...
Malicious code in chai-uuids (npm)
Source: amazon-inspector 42324f1af790a75f6b7a0e081a7d97f1e299d3d3c8c815e37c594d0835ced4a6 The package chai-uuids was found to contain malicious code. Source: ghsa-malware 35cdb6e3e91aabd46ed85adb22b6972f688ae93b61f82f3cb8e2adb8f4294c48 Any...
MAL-2025-192383 Malicious code in chai-uuids (npm)
Source: amazon-inspector 42324f1af790a75f6b7a0e081a7d97f1e299d3d3c8c815e37c594d0835ced4a6 The package chai-uuids was found to contain malicious code. Source: ghsa-malware 35cdb6e3e91aabd46ed85adb22b6972f688ae93b61f82f3cb8e2adb8f4294c48 Any...
Malicious Package
Overview chai-uuids is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
PT-2025-49761
Name of the Vulnerable Software and Affected Versions Fiber Utils versions 2.0.0-rc.3 and below Description Fiber Utils is a collection of functions for Fiber. In versions 2.0.0-rc.3 and below, if the system’s cryptographic random number generator crypto/rand fails, the software silently reverts ...
EUVD-2022-0381
Malicious code in bioql PyPI...
EUVD-2022-0384
Malicious code in bioql PyPI...
EUVD-2023-0607
Malicious code in bioql PyPI...
SUSE CVE-2025-38593
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' Function 'hci_discovery_filter_clear()' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hci_cmd_sync_work()'...
CVE-2025-40920
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a strong cryptographic source for generating UUIDs. Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable...
CVE-2023-46326
ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these. This leads to privilege escalation...
CVE-2022-43304
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0...
CVE-2025-1416 Password disclosure in Proget MDM
In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM (Mobile Device Management). For it to happen, they must know the UUIDs of targeted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-141...
CVE-2025-1416
CVE-2025-1416 affects Proget MDM (Konsola Proget server). A low-privilege user can retrieve passwords for managed devices and then use MDM functions restricted to higher-privilege users. Exploitation requires knowing the UUIDs of targeted devices, which may be obtained via related flaws CVE-2025-...