Lucene search
K
VulnrichmentRecent

161701 matches found

Vulnrichment
Vulnrichment
added 2026/06/23 6:16 p.m.5 views

CVE-2026-53754 Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach...

7.5CVSS5.9AI score0.00267EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 6:15 p.m.5 views

CVE-2026-53755 Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through...

8.6CVSS5.8AI score0.00289EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 6:11 p.m.4 views

CVE-2026-54320 Daytona: Cross-tenant organization takeover via invitation acceptance with an unverified email

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and...

8.4CVSS6.2AI score0.00215EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 6:10 p.m.7 views

CVE-2026-54321 Daytona: Public sandbox previews remain accessible for up to one hour after being made private

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached...

7CVSS6.3AI score0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 6:8 p.m.10 views

CVE-2026-54319 Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.186, a sandbox volume reference volumeId, which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A...

4.2CVSS6.2AI score0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 6:7 p.m.6 views

CVE-2026-54322 Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...

7.7CVSS6.3AI score0.00186EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 6:7 p.m.5 views

CVE-2026-54324 Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification...

6.5CVSS6.3AI score0.00275EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 6:6 p.m.4 views

CVE-2026-54323 Daytona: Git credential leak via git clone with TLS verification disabled

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization...

5.9CVSS6.4AI score0.00117EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 6:0 p.m.5 views

CVE-2020-9695 Acrobat Reader | Out-of-bounds Write (CWE-787)

Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a...

7.8CVSS6.4AI score0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:58 p.m.4 views

CVE-2020-9711 Acrobat Reader | Out-of-bounds Read (CWE-125)

Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation o...

5.5CVSS5.8AI score0.00185EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:56 p.m.5 views

CVE-2026-45135 Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files

Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct fla...

8.1CVSS6.5AI score0.00399EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:55 p.m.4 views

CVE-2026-45692 Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different...

5.4CVSS5.8AI score0.00144EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:52 p.m.3 views

CVE-2026-52845 Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:50 p.m.4 views

CVE-2026-52844 Caddy: Windows `file_server` path authorization bypass via encoded backslash

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can bypass Caddy...

7.5CVSS6AI score0.00409EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:47 p.m.5 views

CVE-2026-52846 Caddy: stripHTML template function bypass

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...

4.2CVSS5.8AI score0.00153EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:47 p.m.4 views

CVE-2020-9713 Acrobat Reader | Out-of-bounds Read (CWE-125)

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose...

5.5CVSS5.7AI score0.00185EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:43 p.m.5 views

CVE-2026-54157 LobeHub: Unauthenticated SSRF in `/webapi/proxy`

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. An attacker can use this to make...

9CVSS6.1AI score0.0178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:42 p.m.6 views

CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.8AI score0.00128EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/23 5:40 p.m.6 views

CVE-2026-54318 Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services...

7.1CVSS5.9AI score0.00113EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/23 5:39 p.m.5 views

CVE-2026-54317 Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False....

7.6CVSS5.8AI score0.00193EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:36 p.m.4 views

CVE-2026-53662 immich: One-click account takeover via XSS in login page continue redirect

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

9.6CVSS5.8AI score0.00235EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/23 5:24 p.m.6 views

CVE-2026-55517 Deno: Denial of service via non-ASCII bytes in WebSocket response headers

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.5, a Deno program that opens a client WebSocket connection could be crashed by the remote server. While handling the WebSocket handshake response, Deno parsed the Sec-WebSocket-Protocol and Sec-WebSocket-Extensions response...

4.3CVSS5.9AI score0.00183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:24 p.m.5 views

CVE-2026-44726 Deno: TLS retry copies stale upgrade hook, risking plaintext traffic

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt...

7.4CVSS5.9AI score0.00142EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:22 p.m.5 views

CVE-2026-49401 Deno Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done...

7.3CVSS6AI score0.00144EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:21 p.m.4 views

CVE-2025-71382 MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering

MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...

7.1CVSS6AI score0.00316EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/06/23 5:20 p.m.5 views

CVE-2026-49402 Deno: Command Injection via spawnSync & spawn on Windows

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:childprocess implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.e...

8.1CVSS6.1AI score0.00283EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:19 p.m.4 views

CVE-2026-49406 Deno: BYONM module resolution allows `package.json` main path traversal to bypass `--allow-read` restrictions

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field...

5.5CVSS5.9AI score0.00135EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:18 p.m.6 views

CVE-2026-49411 Deno Node TCPWrap numeric hostname aliases bypass --deny-net resolved-IP deny checks

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the original hostname string before resolution and then did not re-check after resolution. A caller could therefore pass a numeric alias of an IP address fo...

6.5CVSS5.8AI score0.00111EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:16 p.m.4 views

CVE-2026-49983 Deno: process.loadEnvFile() bypasses env permission checks and mutates process.env with only read access

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with --deny-env, or restrict it to a specific allowlist with --allow-env=FOO,BAR. The expectation is that a program running without env permission cannot...

5.2CVSS5.9AI score0.00098EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:15 p.m.4 views

CVE-2026-49860 Deno: WebSocket API sandbox bypass via missing post-DNS check

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially...

5.2CVSS5.8AI score0.00101EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:14 p.m.4 views

CVE-2026-49859 Deno: `fetch()` API sandbox bypass via missing DNS resolution check

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name...

5.2CVSS5.8AI score0.00101EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:13 p.m.4 views

CVE-2026-49440 Deno: Miller-Rabin Primality Test Allows Zero Rounds

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrimecandidate, options, callback and crypto.checkPrimeSynccandidate, options ran no Miller-Rabin rounds at all when the caller left options.checks at its default of 0. In that mode, the only test applied ...

7.4CVSS5.8AI score0.00149EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/23 5:8 p.m.3 views

CVE-2026-54257 Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Most apps will crash and some may perform incorrect buffer allocations in t...

9.3CVSS6AI score0.00253EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:6 p.m.5 views

CVE-2026-54316 Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...

6CVSS5.9AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:3 p.m.5 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.3CVSS6AI score0.00146EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/23 4:51 p.m.3 views

CVE-2026-54007 Open WebUI: Cross-origin postMessage confirmation bypass via action:submit

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows non-same-origin input:prompt and action:submit messages, so an external site can set prompt text and trigger submitPrompt in an authenticated victim...

7.1CVSS5.7AI score0.00162EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 4:50 p.m.3 views

CVE-2026-54006 Open WebUI: Calendar event re-parenting allows writing events into another user's calendar

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/eventid/update validates that the caller has write access to the calendar the event currently belongs to, but does not validate the destination calendar...

4.3CVSS5.9AI score0.00179EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 4:50 p.m.6 views

CVE-2026-54008 Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/openwebui/utils/oauth.py::processpictureurl calls validateurlpictureurl on the initial URL only, then invokes aiohttp.ClientSession.getpictureurl, ... without...

8.5CVSS5.9AI score0.00203EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 4:49 p.m.5 views

CVE-2026-54009 Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the...

6.5CVSS5.9AI score0.00225EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 4:48 p.m.6 views

CVE-2026-54010 Open WebUI: Forged chat-file link allows cross-user file read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary fileid values to their own chat message without checking whether they own or can read those files. If the attacker then shares...

8.3CVSS6AI score0.00241EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 4:47 p.m.15 views

CVE-2026-54011 Open WebUI: Stored XSS in Mermaid Markdown Preview

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...

8.7CVSS6AI score0.002EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 4:47 p.m.3 views

CVE-2026-54012 Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the...

7.1CVSS6AI score0.00198EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 4:46 p.m.6 views

CVE-2026-54013 Open WebUI: Stored XSS to Account Takeover via Model Profile Images in Open WebUI

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in user profile images and webhook profile images but forgot to apply the same fix to model profile images. The ModelMeta class has no...

7.6CVSS5.8AI score0.00174EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 4:45 p.m.3 views

CVE-2026-54014 Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache...

4.3CVSS5.9AI score0.00244EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 4:44 p.m.6 views

CVE-2026-54015 Open WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-history endpoints authorize the promptid in the URL but then act on caller-supplied history IDs without verifying that the history row belongs to that...

6.4CVSS5.9AI score0.00169EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 4:43 p.m.4 views

CVE-2026-54016 Open WebUI: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization BOLA vulnerability in the builtin searchknowledgefiles tool. When native function calling is enabled and the selected model has no...

4.3CVSS6AI score0.00226EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 4:42 p.m.6 views

CVE-2026-54018 Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validateurl function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only ...

7.7CVSS5.9AI score0.00287EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 4:41 p.m.3 views

CVE-2026-54019 Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as...

6.5CVSS5.8AI score0.00281EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 4:40 p.m.3 views

CVE-2026-57053

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idnatounicodeinternal. The affected code is not present in libidn2...

4CVSS5.9AI score0.0011EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/23 4:39 p.m.4 views

CVE-2026-54021 Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed Ollama proxy routes accept a caller-supplied urlidx path parameter and use it as a raw index into the admin-configured OLLAMABASEURLS list. Access...

6.3CVSS5.9AI score0.0021EPSS
Exploits0References1
Total number of security vulnerabilities161701