4 matches found
CVE-2026-42461
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full...
PT-2026-36823
Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.18.0 Description Four 'GET' endpoints under "/api/templates" in the Huma backend are registered without security requirements. This authorization gap allows any unauthenticated network client to list and read the ful...
CVE-2026-35484
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadpreset allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs including passwords, API keys, connection...
UBUNTU-CVE-2024-36464
When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords...