Lucene search
K

538 matches found

vulnersOsv
vulnersOsv
added 2026/04/01 8:25 p.m.7 views

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-34222 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-34222 Source advisory: OSV:GHSA-7429-HXCV-268M...

7.7CVSS5.8AI score0.05271EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/04/01 5:2 p.m.1 views

CVE-2026-34222 Open WebUI has Broken Access Control in Tool Valves

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11...

7.7CVSS5.8AI score0.05271EPSS
Exploits1References2
OSV
OSV
added 2026/04/01 9:46 a.m.13 views

CLEANSTART-2026-VX40916 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-9h8m-3fm2-qjrq applied in versions: 0.16.0-r0

Multiple security vulnerabilities affect the kserve package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7AI score0.01945EPSS
Exploits2References22
Cvelist
Cvelist
added 2026/03/28 11:58 a.m.29 views

CVE-2018-25224 PMS 0.42 Stack-Based Buffer Overflow via Configuration File

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute she...

8.6CVSS0.00191EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/26 11:56 p.m.2 views

CVE-2026-27893 vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode trustremotecode=True when loading sub-components, bypassing the user's explicit --trust-remote-code=False security opt-out. This...

8.8CVSS6.5AI score0.01364EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:28 a.m.8 views

SUSE CVE-2026-25921

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue has been patched in version 0.14.2...

9.3CVSS6.6AI score0.00327EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/24 1:34 a.m.3 views

CVE-2026-33307 mod_gnutils has stack-based buffer overflow caused by a long client certificate chain

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...

7.5CVSS6AI score0.00342EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.6 views

PT-2026-27310

Name of the Vulnerable Software and Affected Versions furnace versions prior to 0.7 Description An out-of-bounds read issue exists in the furnace software within the extern/libsndfile-modified/src modules when processing flac.C program files. Recommendations Update to a version of furnace at or...

9.3CVSS5.8AI score0.00128EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.2 views

CVE-2026-3331 Lobot Slider Administrator <= 0.6.0 - Cross-Site Request Forgery to Settings Update

The Lobot Slider Administrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.0. This is due to missing or incorrect nonce validation on the fourtyslideroptionspage function. This makes it possible for unauthenticated attackers to modify...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

pinchtab 代码问题漏洞

Pinchtab is an open-source AI proxy browser control tool developed by Pinchtab. Versions of Pinchtab 0.8.2 and earlier contained code vulnerabilities. These vulnerabilities were caused by blind server-side request forgery in the download endpoint, which could lead to access to internal network...

5.8CVSS6.5AI score0.00289EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.6 views

PT-2026-26343

⚠️ Limited Disclosure — Full Details Pending A critical security vulnerability has been identified in Step CA. An updated version, v0.30.0, is available and all operators are strongly encouraged to upgrade immediately. Full details of this vulnerability will be published in this security advisory...

10CVSS5.8AI score0.00296EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.8 views

PT-2026-26167

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

8.6CVSS5.8AI score0.10069EPSS
Exploits0References9
CVE
CVE
added 2026/03/11 7:53 p.m.18 views

CVE-2026-32096

Plunk (open-source email platform built on AWS SES) contains a Server-Side Request Forgery (SSRF) in the SNS webhook handler prior to version 0.7.0. An unauthenticated attacker could craft a request that forced the server to perform an outbound HTTP GET to any host reachable from the server. The ...

9.3CVSS5.9AI score0.00273EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/03/10 6:18 p.m.4 views

CVE-2026-30977

RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This...

2CVSS0.00472EPSS
Exploits0References3
CVE
CVE
added 2026/03/10 4:52 p.m.25 views

CVE-2026-30945

CVE-2026-30945 : StudioCMS prior to 0.4.0 exposes an authorization flaw in DELETE /studiocms_api/dashboard/api-tokens. Any authenticated user with editor privileges or above can revoke API tokens for any user (including admin/owner) because tokenID and userID are taken directly from the request w...

7.1CVSS5.8AI score0.00452EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/03/08 2:15 p.m.5 views

CVE-2026-3739

A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...

6.3CVSS5.5AI score
Exploits0References8
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/08 12:0 a.m.7 views

Security update for gitea-tea (moderate)

openSUSE Security Update: Security update for gitea-tea Announcement ID: openSUSE-SU-2026:0074-1 Rating: moderate References: Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-58190 SUSE:...

6.9CVSS7.4AI score0.00502EPSS
Exploits1
Cvelist
Cvelist
added 2026/03/07 4:33 p.m.28 views

CVE-2026-30857 WeKnora: Unauthorized Cross‑Tenant Knowledge Base Cloning

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone duplicate another tenant’s knowledge base into their own tena...

5.3CVSS0.00222EPSS
Exploits1References1
CVE
CVE
added 2026/03/07 4:31 p.m.9 views

CVE-2026-30855

CVE-2026-30855 (WeKnora) : WeKnora is vulnerable prior to version 0.3.2 due to an authorization bypass in tenant-management endpoints, allowing an authenticated user to read/modify/delete tenants by ID. Because account registration is public, an unauthenticated attacker can register a new account...

8.8CVSS5.7AI score0.00328EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/07 4:8 p.m.4 views

EUVD-2026-10158

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...

5.9CVSS5.6AI score0.00602EPSS
Exploits1References3
Rows per page
Query Builder