Lucene search
K

2300 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-42621

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILLMENTIONRE and stripre regular expressions in backend/openwebui/utils/middleware.py parsed skill mentions with overlapping quantifiers, allowing an authenticated chat message...

6.5CVSS6AI score
Exploits1References3
EUVD
EUVD
added yesterday8 views

EUVD-2026-42445

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2 days ago11 views

CVE-2026-5922

CVE-2026-5922 affects Poly Voice IP phones; a vulnerability exists where malicious input stored in configuration parameters is rendered in the WebUI, enabling cross-site scripting (XSS) and potentially allowing unauthorized modification of the WebUI. Root cause appears to be input stored in confi...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References2
CVE
CVE
added 2 days ago8 views

CVE-2026-5923

CVE-2026-5923 affects Poly Voice IP phones’ WebUI. A stolen cookie may enable CSRF to modify the WebUI contents. Impact: integrity and availability High; confidentiality Low. Exploitation status and fixes are not detailed in the provided documents; no patch/version info is given.

6CVSS5.9AI score0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:7 p.m.25 views

CVE-2026-13054

CVE-2026-13054 describes a path traversal vulnerability in the WatchGuard Fireware OS Management Web UI that allows a privileged authenticated attacker to write arbitrary files on the Firebox filesystem. Affected: Fireware OS 11.0–11.12.4_Update1, 12.0–12.12, and 2025.1–2026.2. CVSS v4.0 vector i...

8.6CVSS5.9AI score0.00389EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/01 12:34 a.m.9 views

EUVD-2026-40579

Insufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via malicious network traffic. Chromium security severity: Medium...

5.8AI score0.00293EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-13893

Insufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via malicious network traffic. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00293EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.4 views

CVE-2026-13893

Insufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via malicious network traffic. Chromium security severity: Medium...

6.5CVSS0.00293EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:38 p.m.16 views

CVE-2026-13893

CVE-2026-13893 affects Google Chrome (WebUI) with insufficient validation of untrusted input in WebUI, allowing a remote attacker to leak cross-origin data via malicious network traffic. Affected component: Chrome/WebUI; root cause: insufficient input validation in WebUI before version 150.0.7871...

6.5CVSS5.8AI score0.00293EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/30 9:16 p.m.7 views

CVE-2025-36323

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 8:22 p.m.13 views

CVE-2025-36320

IBM watsonx.data intelligence (versions 5.2.0, 5.2.1, 5.2.2, 5.3.0) is described as vulnerable to stored cross-site scripting. The vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially altering functionality and leading to credentials disclosure ...

6.4CVSS5.5AI score0.00257EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:22 p.m.35 views

CVE-2025-36320 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

6.4CVSS0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:19 p.m.6 views

EUVD-2025-210380

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS5.5AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 8:19 p.m.12 views

CVE-2025-36323

IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are vulnerable to cross-site scripting. An authenticated user can embed arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. The reported CVSSv3....

5.4CVSS5.5AI score0.00231EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:19 p.m.31 views

CVE-2025-36323 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 12:54 p.m.22 views

CVE-2026-58116

CVE-2026-58116 affects LLaMA-Factory up to version 0.9.5. A remote code execution vulnerability exists when a malicious model path is supplied via WebUI Chat/Training interfaces; unvalidated input is passed to AutoTokenizer.from_pretrained() and AutoModel.from_pretrained() with trust_remote_code=...

9.8CVSS6.6AI score0.00497EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 12:54 p.m.32 views

CVE-2026-58116 LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS0.00497EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 12:54 p.m.5 views

CVE-2026-58116

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS6.6AI score0.00497EPSS
Exploits2References3
Rows per page
Query Builder