
24 matches found

RedhatCVE
added 2026/05/19 1:58 a.m., 8 views

CVE-2026-45351

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of...

CVSS 6.5, AI score 5.8, EPSS 0.00038
Exploits: 1, References: 1
Cvelist
added 2026/05/15 9:9 p.m., 28 views

CVE-2026-45351 Open WebUI: Exposure of System Prompt to Regular User [Non-Admin]

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of...

CVSS 6.5, EPSS 0.00038
Exploits: 1, References: 1
ATTACKERKB
added 2026/05/15 9:9 p.m., 4 views

CVE-2026-45351

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of...

CVSS 6.5, AI score 5.8, EPSS 0.00038
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2026/04/05 2:45 a.m., 0 views

CVE-2026-5536 FedML-AI FedML gRPC server grpc_server.py sendMessage deserialization

A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this...

CVSS 7.5, AI score 6.7, EPSS 0.00056
Exploits: 0, References: 4
CNNVD
added 2026/04/05 12:0 a.m., 6 views

FEDML Path Traversal Vulnerability

FEDML is a unified and scalable machine learning training and deployment library open sourced by TensorOpera. Versions of FEDML 0.8.9 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter dataSet, which could lead to path travers...

CVSS 5.4, AI score 5.8, EPSS 0.00121
Exploits: 1, References: 5
CNNVD
added 2026/04/05 12:0 a.m., 5 views

FEDML Code Issue Vulnerability

FEDML is a unified and scalable machine learning training and deployment library open sourced by TensorOpera. Versions of FedML 0.8.9 and earlier have code vulnerabilities, which stem from a deserialization issue in the sendMessage function...

CVSS 7.5, AI score 7.2, EPSS 0.00056
Exploits: 0, References: 4
RedhatCVE
added 2025/12/09 8:27 a.m., 2 views

CVE-2025-66513

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table numeric ID is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9,...

CVSS 5.3, AI score 6.5, EPSS 0.00017
Exploits: 0, References: 1
Vulnrichment
added 2025/12/05 5:11 p.m., 2 views

CVE-2025-66513 Nextcloud Tables app share information not limited to relevant users

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table numeric ID is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9,...

CVSS 4.3, AI score 6.1, EPSS 0.00017
Exploits: 0, References: 4
Positive Technologies
added 2025/12/05 12:0 a.m., 2 views

PT-2025-49288

Name of the Vulnerable Software and Affected Versions: Nextcloud Tables versions prior to 0.8.9; Nextcloud Tables versions prior to 0.9.6; Nextcloud Tables versions prior to 1.0.1. Description: Nextcloud Tables allows users to create custom tables with defined columns. Before versions 0.8.9, 0.9.6, an...

CVSS 5.3, AI score 6.2, EPSS 0.00017
Exploits: 0, References: 8
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-8662

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00324
Exploits: 0, References: 4
Github Security Blog
added 2025/09/29 8:40 p.m., 6 views

go-f3 Vulnerable to Cached Justification Verification Bypass

Description: A vulnerability exists in go-f3's justification verification caching mechanism where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by: 1. First submitting a valid message with a correct...

CVSS 6.5, AI score 7, EPSS 0.00054
Exploits: 0, References: 5, Affected Software: 1
CNNVD
added 2025/09/26 12:0 a.m., 2 views

WordPress plugin Click & Tweet Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.9, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 1
OSV
added 2025/09/19 1:12 p.m., 5 views

OESA-2025-2296 apache-mime4j security update

Java stream based MIME message parser. Security Fixes: Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to...

CVSS 5.5, AI score 6.2, EPSS 0.00009
Exploits: 0, References: 2
Code423n4
added 2022/02/17 12:0 a.m., 7 views

Wrong pragma

Lines of code. Vulnerability details. Impact: Use a buggy version of solidity with immutable. Proof of Concept: The contract uses immutable, and this solidity version defined in the pragma has some issues with them, as you can see here. Recommended Mitigation Steps: Use at least 0.8.9 --- The text was...

AI score 6.9
Exploits: 0
Cvelist
added 2020/04/23 3:54 a.m., 11 views

CVE-2020-12079

Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API...

AI score 9.7, EPSS 0.00597
Exploits: 0, References: 2
CNVD
added 2020/04/23 12:0 a.m., 2 views

Beaker Input Validation Error Vulnerability

Beaker is a web browser. A security vulnerability exists in Beaker versions prior to 0.8.9. An attacker can exploit the vulnerability to bypass sandbox protection, access information, and execute code...

CVSS 10, AI score 7.1, EPSS 0.00597
Exploits: 0, References: 1
CNVD
added 2018/03/27 12:0 a.m., 2 views

CryptoNote Command Execution Vulnerability

CryptoNote is a cryptocurrency system. A security vulnerability exists in CryptoNote version 0.8.9, which stems from the program not requiring authentication. A remote attacker could exploit the vulnerability to execute commands and take control of a cryptocurrency wallet via a web page hosting...

CVSS 8.8, AI score 7.4, EPSS 0.00458
Exploits: 1, References: 1
CVE
added 2018/03/13 3:0 p.m., 42 views

CVE-2018-1000093

CryptoNote is reported to have a local RPC server (walletd/simplewallet) that does not require authentication in CryptoNote v0.8.9 and possibly later. This allows a remote attacker to issue commands to the RPC daemons, potentially leading to remote command execution and takeover of the cryptocurr...

CVSS 8.8, AI score 8.7, EPSS 0.00458
Exploits: 1, References: 3, Affected Software: 1
CNVD
added 2018/02/07 12:0 a.m., 1 view

Flatpak Security Bypass Vulnerability

Flatpak is a system for building and installing Linux desktop applications. A security vulnerability exists in the bus-proxy/flatpak-proxy.c file in Flatpak versions prior to 0.8.9, 0.9.x, and 0.10.x prior to 0.10.3. An attacker can exploit this vulnerability to bypass the sandbox with the help o...

CVSS 8.8, AI score 6.9, EPSS 0.00094
Exploits: 0, References: 1
CNVD
added 2017/11/08 12:0 a.m., 3 views

mkclean Node_ValidatePtr Function Denial of Service Vulnerability

mkclean is a command line tool for cleaning and optimizing muxed Matroska .mkv / .mka / .mks / .mk3d and WebM .webm / .weba files. A denial of service vulnerability exists in the Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9. Via a specially crafted mkv file, a remote...

CVSS 6.5, AI score 7, EPSS 0.00539
Exploits: 0