283 matches found

EUVD
added 7 hours ago, 2 views

EUVD-2026-34255

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

CVSS 6.3, AI score 5.8
Exploits 0, References 2
NVD
added yesterday, 4 views

CVE-2026-43924

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

CVSS 4.8
Exploits 0, References 2
CVE
added yesterday, 12 views

CVE-2026-43924

Summary: CVE-2026-43924 affects FOSSBilling prior to v0.8.0, where the Redirect module does not validate URL schemes for administrator-configured redirect targets, allowing open redirects. This can cause legitimate user traffic to be redirected to attacker-controlled sites via a 301 response (bro...

CVSS 4.8, AI score 5.9
Exploits 0, References 2
EUVD
added 3 days ago, 6 views

EUVD-2026-33600

Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAX_VALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...

CVSS 7.5, AI score 5.8, EPSS 0.00154
Exploits 0, References 1
NVD
added 2026/05/27 8:16 p.m., 10 views

CVE-2026-45134

LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPromptCommit in JS/TS) fetch and deserialize prompt manifests from...

CVSS 7.1, EPSS 0.00036
Exploits 0, References 1
RustSec
added 2026/05/27 12:00 p.m., 6 views

Use-after-free

Affected versions of oneringbuf exposed the obsolete IntoRef::into_ref method through the public IntoRef trait. For heap-backed ring buffers, this method returned a DroppableRef handle. DroppableRef stored an owning raw pointer created from Box::into_raw. Its Clone implementation copied this raw...

AI score 5.9
Exploits 0, Affected Software 1
RedhatCVE
added 2026/05/19 1:58 a.m., 5 views

CVE-2026-45665

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order; specifically, DOMPurify is executed before the marked library. Th...

CVSS 8.1, AI score 5.8, EPSS 0.00011
Exploits 1, References 1
RedhatCVE
added 2026/05/18 7:58 p.m., 8 views

CVE-2026-45667

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDING_FUNCTION(...). This allows any unauthenticated caller to trigger embedding generati...

CVSS 6.5, AI score 5.8, EPSS 0.00022
Exploits 1, References 1
RedhatCVE
added 2026/05/18 1:58 p.m., 7 views

CVE-2026-44549

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the SheetJS function sheet_to_html to embed an XSS payload into the generated...

CVSS 8.7, AI score 5.8, EPSS 0.00012
Exploits 1, References 1
NVD
added 2026/05/15 10:16 p.m., 12 views

CVE-2026-45667

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDING_FUNCTION(...). This allows any unauthenticated caller to trigger embedding generati...

CVSS 6.5, EPSS 0.00022
Exploits 1, References 1
NVD
added 2026/05/15 10:16 p.m., 9 views

CVE-2026-45665

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order; specifically, DOMPurify is executed before the marked library. Th...

CVSS 8.1, EPSS 0.00011
Exploits 1, References 1
EUVD
added 2026/05/15 9:45 p.m., 5 views

EUVD-2026-30639

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the SheetJS function sheet_to_html to embed an XSS payload into the generated...

CVSS 7.3, AI score 5.8, EPSS 0.00012
Exploits 1, References 1
Cvelist
added 2026/05/15 9:45 p.m., 30 views

CVE-2026-44549 Open WebUI: Stored XSS in excel file preview

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the SheetJS function sheet_to_html to embed an XSS payload into the generated...

CVSS 7.3, EPSS 0.00012
Exploits 1, References 1
ATTACKERKB
added 2026/05/15 9:45 p.m., 5 views

CVE-2026-44549

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the SheetJS function sheet_to_html to embed an XSS payload into the generated...

CVSS 7.3, AI score 5.8, EPSS 0.00012
Exploits 1, References 2, Affected Software 1
ATTACKERKB
added 2026/05/15 9:42 p.m., 4 views

CVE-2026-45665

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order; specifically, DOMPurify is executed before the marked library. Th...

CVSS 8.1, AI score 5.8, EPSS 0.00011
Exploits 1, References 2, Affected Software 1
EUVD
added 2026/05/15 9:42 p.m., 6 views

EUVD-2026-30664

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order; specifically, DOMPurify is executed before the marked library. Th...

CVSS 8.1, AI score 5.8, EPSS 0.00011
Exploits 1, References 1
CVE
added 2026/05/15 9:42 p.m., 18 views

CVE-2026-45665

Open WebUI contains a Stored XSS in the Banner component due to incorrect sanitization order (DOMPurify before marked.parse). The vulnerability allows a compromised administrator to store a payload in the global banner that is rendered for all users, including the Super Admin, enabling privilege ...

CVSS 8.1, AI score 5.8, EPSS 0.00011
Exploits 1, References 1, Affected Software 1
CVE
added 2026/05/15 9:41 p.m., 11 views

CVE-2026-45667

Open WebUI vulnerability CVE-2026-45667: Before version 0.8.0, the unauthenticated GET /api/v1/memories/ef could trigger EMBEDDING_FUNCTION(...) and cause embedding generation, potentially incurring costs if paid providers are used. The issue is rooted in exposing a cost/resource-intensive operat...

CVSS 6.5, AI score 5.8, EPSS 0.00022
Exploits 1, References 1, Affected Software 1
Positive Technologies
added 2026/05/14 12:00 a.m., 7 views

PT-2026-41200

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.8.0. Description: The endpoint "/api/v1/memories/ef" is accessible without authentication and executes the function request.app.state.EMBEDDING_FUNCTION. This allows unauthenticated users to trigger embedding...

CVSS 6.5, AI score 5.8, EPSS 0.00022
Exploits 1, References 8
CVE
added 2026/04/29 6:00 p.m., 17 views

CVE-2026-7397

The CVE affects NousResearch hermes-agent v0.8.0, specifically the _check_sensitive_path logic in tools/file_tools.py, enabling symlink following when exploited locally. Details from connected records indicate the issue arises from path handling that can be manipulated by an attacker with local a...

CVSS 4.8, AI score 4.7, EPSS 0.00028
Exploits 0, References 8