CVE-2026-45303

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through the HTML rendering view, scripts can be injected and executed. The frontend provides a function to visualize the HTML content of a current chat. The content is embedded in an...

SUSE CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

CVE-2026-5140 Authorization Bypass in TUBITAK BILGEM's Pardus Update

Improper neutralization of CRLF sequences 'CRLF injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass. This issue affects Pardus Update: from 0.6.3 before 0.6.4...

CLEANSTART-2026-PV98664 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68119, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-m6hq-p25p-ffr2, ghsa-p77j-4mvh-x3m3, ghsa-pwhc-rpq9-4c8w applied in versions: 0.6.4-r5, 0.6.4-r6, 0.7.0-r4

Multiple security vulnerabilities affect the k8ssandra-client-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-24996

Missing Authorization vulnerability in wpelemento WPElemento Importer wpelemento-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPElemento Importer: from n/a through = 0.6.4...

PT-2026-6241

Name of the Vulnerable Software and Affected Versions WPElemento Importer versions through 0.6.4 Description The WPElemento Importer software contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. The issue is a missing...

WordPress WPElemento Importer plugin <= 0.6.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WPElemento Importer versions = 0.6.4...

vLLM 安全漏洞

vLLM is vLLM open source a high throughput and memory efficient inference and service engine for LLM. A security vulnerability exists in vLLM version 0.6.4 up to and including version 0.12.0, which stems from the fact that sending specially crafted 1x1 pixel images results in a tensor dimension...

eve-elastic (=2.6.0), eve-sqlalchemy (>=0.5.0 <=0.7.1) +1 more potentially affected by CVE-2018-8097 via eve (>=0.6.4 <=0.7.10)

eve PYPI version =0.6.4, =0.5.0, =1.0.0, =1.4.0rc2 Source cves: CVE-2018-8097 Source advisory: OSV:PYSEC-2018-8...