CVE-2026-44564

Open WebUI (self-hosted offline AI platform) contains a vulnerability in the ydoc:document:update Socket.IO handler that allows read-only users to modify in-memory Yjs documents. The handler validates room membership but does not verify write permission, and read-only users join the document room...

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI based on the open-source Open WebUI framework. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the ydoc:document:update Socket.IO event handler, which checke...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from f2fs not properly checking write permissions, resulting in access control that can bypass SELinux or Landlock...

Design/Logic Flaw

The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data...

PT-2002-2591 · Heysoft +1 · Heysoft Eventsave +1

Name of the Vulnerable Software and Affected Versions: Heysoft EventSave versions 5.1 through 5.2 Heysoft EventSave+ versions 5.1 through 5.2 Description: The issue allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer...