2423 matches found
CVE-2026-13054
CVE-2026-13054 describes a path traversal vulnerability in the WatchGuard Fireware OS Management Web UI that allows a privileged authenticated attacker to write arbitrary files on the Firebox filesystem. Affected: Fireware OS 11.0–11.12.4_Update1, 12.0–12.12, and 2025.1–2026.2. CVSS v4.0 vector i...
EUVD-2026-40579
Insufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via malicious network traffic. Chromium security severity: Medium...
DEBIAN-CVE-2026-13893
Insufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via malicious network traffic. Chromium security severity: Medium...
CVE-2026-13893
Insufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via malicious network traffic. Chromium security severity: Medium...
CVE-2026-13893
CVE-2026-13893 affects Google Chrome (WebUI) with insufficient validation of untrusted input in WebUI, allowing a remote attacker to leak cross-origin data via malicious network traffic. Affected component: Chrome/WebUI; root cause: insufficient input validation in WebUI before version 150.0.7871...
CVE-2025-36323
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2025-36320
IBM watsonx.data intelligence (versions 5.2.0, 5.2.1, 5.2.2, 5.3.0) is described as vulnerable to stored cross-site scripting. The vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially altering functionality and leading to credentials disclosure ...
CVE-2025-36320 Vulnerabilities found in Watson Data Intelligence
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
EUVD-2025-210380
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2025-36323
IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are vulnerable to cross-site scripting. An authenticated user can embed arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. The reported CVSSv3....
CVE-2025-36323 Vulnerabilities found in Watson Data Intelligence
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2026-58116
CVE-2026-58116 affects LLaMA-Factory up to version 0.9.5. A remote code execution vulnerability exists when a malicious model path is supplied via WebUI Chat/Training interfaces; unvalidated input is passed to AutoTokenizer.from_pretrained() and AutoModel.from_pretrained() with trust_remote_code=...
CVE-2026-58116 LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path
LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...
CVE-2026-58116
LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...
PT-2026-53876
Name of the Vulnerable Software and Affected Versions LLaMA-Factory versions prior to 0.9.6 Description Remote code execution is possible via the WebUI Chat and Training interfaces. The application fails to validate user-supplied model paths before passing them to the AutoTokenizer.from pretraine...
PYSEC-2026-435 Open WebUI has an LDAP Empty Password Authentication Bypass
LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint: - backend/openwebui/routers/auths.py lines 468-477, user bind with empty password - backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected Versions Current main branch commit 6fdd19bf1 and...
GHSA-C6V2-3FFM-VCMC Nebula Mesh: Web UI lacks ownership checks, enabling cross-operator access to hosts and networks (read, block, delete)
Summary The web UI /ui/ does not apply the per-operator CA scoping the JSON API received for GHSA-598g-h2vc-h5vg. Any authenticated non-admin operator for example, one created via self-registration or OIDC can access resources belonging to other operators. Impact A non-admin operator can: - Block...
GO-2026-5662 Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer in github.com/prometheus/prometheus
Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer in github.com/prometheus/prometheus. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this...
CVE-2026-48946 Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26
The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard modphp matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...
CVE-2026-48944
The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...