Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/05/19 7:57 a.m.10 views

CVE-2026-45675

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU Time-of-Check-Time-of-Use pattern for first-user admin role assignment. The regular signup handler signuphandler in auths.py, line...

8.1CVSS5.9AI score0.00354EPSS
Exploits1References1
OSV
OSV
added 2026/04/17 1:3 p.m.4 views

OESA-2026-1984 avahi security update

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...

5.5CVSS5.7AI score0.00203EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/02/16 11:57 a.m.7 views

WordPress Link Whisper Free plugin <= 0.9.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Link Whisper Free versions = 0.9.1...

7.1CVSS5.2AI score0.0018EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/30 3:24 a.m.8 views

CVE-2025-71011

An input validation vulnerability in the flow.Tensor.newempty/flow.Tensor.newones/flow.Tensor.newzeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

6.2CVSS5.9AI score0.00145EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/08 1:18 p.m.6 views

CVE-2025-30989

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas libro-de-reclamaciones-y-quejas allows SQL Injection.This issue affects Libro de Reclamaciones y Quejas: from n/a through = 0.9...

7.6CVSS5.9AI score0.00355EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:41 a.m.5 views

CVE-2024-46362

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/?/plugin/filemanager/createdirectory...

8.8CVSS7.6AI score0.00304EPSS
Exploits1References1
OSV
OSV
added 2025/04/27 8:15 p.m.3 views

DEBIAN-CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JSReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

8.4CVSS6.2AI score0.00271EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.5 views

whoogle-search 安全漏洞

whoogle-search is an application from the personal developer Ben Busby. Self-hosted, ad-free, privacy-respecting meta-search engine. A security vulnerability exists in whoogle-search version v0.9.0, which stems from the /models/config.py component that allows execution of arbitrary code via a...

7.3CVSS7.2AI score0.00465EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2024/03/04 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-32849

Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...

9CVSS7.5AI score0.0765EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/09/28 4:15 a.m.5 views

CVE-2023-38873

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

6.5CVSS5.8AI score0.00634EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/06/18 9:12 p.m.5 views

libseccomp-golang: mishandling of multiple argument rules leading to a bypass of intended access restrictions

libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument...

7.5CVSS7.3AI score0.0245EPSS
Exploits0References4
CNVD
CNVD
added 2020/06/18 12:0 a.m.4 views

Unspecified Vulnerability in LibVNCServer (CNVD-2020-36785)

LibVNCServer is a cross-platform C library that supports the implementation of VNC Virtual Network Computing server or client functionality in programs. A security vulnerability exists in LibVNCServer versions prior to 0.9.13. The vulnerability can be exploited by an attacker to access byte-align...

7.5CVSS9.2AI score0.02802EPSS
Exploits0References1
CNVD
CNVD
added 2016/05/06 12:0 a.m.2 views

PHP File Manager Authentication Bypass Vulnerability

PHP File Manager is a suite of applications for managing web sites using PHP scripts. An authentication bypass vulnerability exists in PHP File Manager version 0.9.8 due to incorrectly registered global variables. An attacker is able to override the block key group, establish a valid session, and...

7.3AI score
Exploits0References1
securityvulns
securityvulns
added 2004/09/14 12:0 a.m.25 views

Insecure file permissions in the Firefox browser for Linux &gt;= v0.9

after installing firefox many of the permissions are set to 777, allowing anyone on the system to change the contents of the executable files. this first occured in the 0.9 release in the tar.gz release as well as in the installer. the problem or is it called a feature now? still exists in the...

1.2AI score
Exploits0
Rows per page
Query Builder