CVE-2026-38728

The vulnerability CVE-2026-38728 affects Nodemailer smtp_server prior to version 3.18.3. The issue is triggered in the SMTPStream._write implementation (lib/smtp-stream.js), allowing a remote attacker to cause a denial of service. Impact is a DoS on the SMTP server component mentioned. The root c...

Linux Distros Unpatched Vulnerability : CVE-2026-44637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer...

Adobe Substance 3D Designer <= 15.1.0 Multiple Vulnerabilities (APSB26-52)

The version of Adobe Substance 3D Designer installed on the remote host is prior or equal to 15.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-52 advisory. - Substance3D - Designer versions 15.1.0 and earlier are affected by a Server-Side Request Forgery...

Linux Distros Unpatched Vulnerability : CVE-2026-8669

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Imager versions through 1.030 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the export process. An attacker can write files to arbitrary locations on the filesystem by uploading an asset with a crafted filename containing directory traversal sequences and then triggering an administrator...

GHSA-26G9-27VM-X3Q8 Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion

Summary Any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/id when the target file is referenced in any shared chat. The hasaccesstofile authorization gate unconditionally grants access through its shared-chat branch. It checks neither the requesting...

GHSA-4G37-7P2C-38R9 Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls

IDOR: Retrieval API Bypasses Knowledge Base Access Controls Author: Andrew Orr Summary validatecollectionaccess PR 22109 checks the user-memory- and file- collection name prefixes but does not check knowledge base collections, which use raw UUIDs as collection names. Any authenticated user who...

Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls

IDOR: Retrieval API Bypasses Knowledge Base Access Controls Author: Andrew Orr Summary validatecollectionaccess PR 22109 checks the user-memory- and file- collection name prefixes but does not check knowledge base collections, which use raw UUIDs as collection names. Any authenticated user who...

Incorrect Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Incorrect Authorization through the updatetoolsbyid handler in routers/tools.py. An attacker can execute arbitrary Python code on the server by sending a tool update that modifies the tool's content after...

GHSA-JX2X-J75F-XQ3J Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)

Summary The POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can pin/unpin it, which is a state-modifying action that should require write permission. All other write endpoin...

Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)

Summary The POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can pin/unpin it, which is a state-modifying action that should require write permission. All other write endpoin...

CVE-2026-8597

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...

CVE-2026-8567

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8559

Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2026-8552

Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2026-8553

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2026-8554

Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2026-8548

Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-8526

Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-8519

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...