13 matches found

OSV
added 2026/03/11 10:16 p.m. · 5 views

CVE-2026-3958

A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/apiserver.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack can be carried out remotely. The...

CVSS 6.3 · AI score 5.2 · EPSS 0.00054
Exploits: 0 · References: 5

Vulnrichment
added 2026/03/11 9:32 p.m. · 1 view

CVE-2026-3958 Woahai321 ListSync JSON api_server.py requests.post server-side request forgery

A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/apiserver.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack can be carried out remotely. The...

CVSS 6.5 · AI score 5.3 · EPSS 0.00054
Exploits: 0 · References: 5

RedhatCVE
added 2026/01/09 12:37 p.m. · 3 views

CVE-2023-50477

An issue discovered in nos client version 0.6.6 allows remote attackers to escalate privileges via getRPCEndpoint.js...

CVSS 9.8 · AI score 7.3 · EPSS 0.01074
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/07 7:14 p.m. · 10 views

CVE-2025-46719

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...

CVSS 6.4 · AI score 6.8 · EPSS 0.00225
Exploits: 1 · References: 1

Cvelist
added 2025/05/05 6:50 p.m. · 13 views

CVE-2025-46719 Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...

CVSS 6.4 · EPSS 0.00225
Exploits: 1 · References: 3

CNNVD
added 2025/05/05 12:00 a.m. · 2 views

Open WebUI Cross-Site Scripting Vulnerability

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A cross-site scripting vulnerability exists in versions of Open WebUI prior to 0.6.6 that stems from improper rendering of HTML tags in chat messages, which could lead to cross-site scripting...

CVSS 6.4 · AI score 6.8 · EPSS 0.00225
Exploits: 1 · References: 4

ATTACKERKB
added 2023/12/21 11:15 a.m. · 3 views

CVE-2023-50477

An issue discovered in nos client version 0.6.6 allows remote attackers to escalate privileges via getRPCEndpoint.js...

CVSS 9.8 · AI score 7.3 · EPSS 0.01074
Exploits: 0 · References: 3

Positive Technologies
added 2023/12/21 12:00 a.m. · 4 views

PT-2023-31576 · Unknown · Nos Client

Name of the Vulnerable Software and Affected Versions: nos client version 0.6.6 Description: An issue was discovered in the nos client, allowing remote attackers to escalate privileges via the getRPCEndpoint.js file. Recommendations: For nos client version 0.6.6, consider disabling the...

CVSS 9.8 · AI score 9.5 · EPSS 0.01074
Exploits: 0 · References: 7

CNVD
added 2020/05/06 12:00 a.m. · 3 views

Calibre-Web Authorization Issues Vulnerability

Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database. An authorization issue vulnerability exists in Calibre-Web version 0.6.6, which stems from the program's use of a hard-coded secret key that can be exploited by an attacker to bypass...

CVSS 9.8 · AI score 6.9 · EPSS 0.00132
Exploits: 0 · References: 1

Positive Technologies
added 2020/05/04 12:00 a.m. · 3 views

PT-2020-13173 · Calibre · Calibre-Web

Name of the Vulnerable Software and Affected Versions: Calibre-Web version 0.6.6 Description: The issue allows authentication bypass due to a hardcoded secret key 'A0Zr98j/3yX RXHH!jmNLWX/,?RT'. Recommendations: For Calibre-Web version 0.6.6, update the secret key to a unique and secure value to...

CVSS 9.8 · AI score 7.1 · EPSS 0.00132
Exploits: 0 · References: 5

CNVD
added 2018/10/18 12:00 a.m. · 2 views

Asuswrt-Merlin Merlin.PHP component command execution vulnerability (CNVD-2018-21490)

Asuswrt-Merlin is a firmware from ASUS that runs in its routers. Merlin.PHP is one of the web-based admin panel components. A security vulnerability exists in the Asuswrt-Merlin Merlin.PHP component version 0.6.6. A remote attacker could exploit the vulnerability to execute arbitrary commands...

CVSS 9.8 · AI score 9.7 · EPSS 0.12706
Exploits: 1 · References: 1

CNVD
added 2018/10/17 12:00 a.m. · 1 view

Asuswrt-Merlin Merlin.PHP Component Command Execution Vulnerability

Asuswrt-Merlin is a firmware from ASUS that runs in its routers. Merlin.PHP is one of the web-based admin panel components. A command execution vulnerability exists in version 0.6.6 of the Asuswrt-Merlin Merlin.PHP component that can be exploited by a remote attacker to execute arbitrary commands...

CVSS 9.8 · AI score 9.8 · EPSS 0.12706
Exploits: 1 · References: 1

securityvulns
added 2006/02/07 12:00 a.m. · 40 views

[SA18733] Heimdal rshd Server Privilege Escalation Vulnerability

TITLE: Heimdal rshd Server Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA18733 VERIFY ADVISORY: http://secunia.com/advisories/18733/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Heimdal 0.6.x http://secunia.com/product/3299/ Heimdal 0.7.x...

AI score 1.4
Exploits: 0