38130 matches found
CVE-2026-45675
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler signuphandler in auths.py, line...
CVE-2026-28751
in OpenHarmony v6.0 and prior versions allow a local attacker to cause DoS...
CVE-2026-27648
in OpenHarmony v6.0 and prior versions allow a remote attacker to achieve arbitrary code execution in pre-installed apps...
CVE-2026-27781
in OpenHarmony v6.0 and prior versions allow a local attacker to cause DoS...
CVE-2026-25781
in OpenHarmony v6.0 and prior versions allow a local attacker to cause DoS, and it cannot be recovered...
EUVD-2026-30834
in OpenHarmony v6.0 and prior versions allow a local attacker to achieve arbitrary code execution...
CVE-2026-27766 multimedia_audio_framework has a Race Condition vulnerability
in OpenHarmony v6.0 and prior versions allow a local attacker to cause an information leak...
EUVD-2026-30831
in OpenHarmony v6.0 and prior versions allow a local attacker to cause an information leak...
CVE-2026-25850
in OpenHarmony v6.0 and prior versions allow a local attacker to cause an information leak...
CVE-2026-25781
CVE-2026-25781 affects the OpenHarmony kernel_liteos_a in v6.0 and earlier. It is an out-of-bounds write vulnerability that allows a local attacker to cause a denial of service that cannot be recovered. The CVSSv3.1 base score is 8.4 (HIGH) with LOCAL, LOW attack complexity, and privileges requir...
EUVD-2026-30832
in OpenHarmony v6.0 and prior versions allow a local attacker to cause DoS, and it cannot be recovered...
CVE-2026-25781
in OpenHarmony v6.0 and prior versions allow a local attacker to cause DoS, and it cannot be recovered...
CVE-2026-28751
in OpenHarmony v6.0 and prior versions allow a local attacker to cause DoS...
CVE-2026-27781 kernel_liteos_a has an integer overflow vulnerability
in OpenHarmony v6.0 and prior versions allow a local attacker to cause DoS...
EUVD-2026-30828
in OpenHarmony v6.0 and prior versions allow a local attacker to cause DoS...
CVE-2026-25110 Sensors_medical_sensor has a NULL pointer dereference vulnerability
in OpenHarmony v6.0 and prior versions allow a local attacker to cause DoS...
midnight-ownpublickey-attack
Bounty 295: Why ownPublicKey Can't Be Trusted for Access...
CVE-2026-32312
GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7...
CVE-2026-39250
An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...
PT-2026-41995
Name of the Vulnerable Software and Affected Versions: libheif versions prior to 1.22.0. Description: An unsigned integer underflow occurs in the Chunk constructor when processing a crafted HEIF sequence file containing samples per chunk=0 in the stsc box. This causes all samples to map to an empty...