Found 33,075 results in 1718ms · Match type: Filtered list
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45315 | high | 8.7 | 8.7 | | | openwebui | 22d ago | Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions |
| CVE-2026-45301 | high | 8.1 | 8.1 | | | openwebui | 22d ago | Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file |
| CVE-2026-44570 | high | 8.3 | 8.3 | | | openwebui | 22d ago | Open WebUI has inconsistent authorization controls within memories API |
| CVE-2026-44569 | high | 7.1 | 7.1 | | | openwebui | 22d ago | Open WebUI's Insecure Message Access Breaks Authorization |
| CVE-2026-44565 | high | 8.1 | 8.1 | | | openwebui | 22d ago | Open WebUI Arbitrary File Write, Delete via Path Traversal |
| CVE-2026-44549 | high | 8.7 | 8.7 | | | openwebui | 22d ago | Open WebUI has stored XSS in Excel file preview |
| CVE-2026-46367 | high | 7.6 | 7.6 | | | | 22d ago | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated users to inject JavaScript via malformed URLs in comments. Attackers can craf… |
| CVE-2026-45402 | high | 8.1 | 8.1 | | | openwebui | 22d ago | Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints |
| CVE-2026-45401 | high | 8.5 | 8.5 | | | openwebui | 22d ago | Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958) |
| CVE-2026-45400 | high | 8.5 | 8.5 | | | openwebui | 22d ago | Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url` |
| CVE-2026-45395 | high | 7.2 | 7.2 | | | openwebui | 22d ago | Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution |
| CVE-2026-44721 | high | 7.3 | 7.3 | | | openwebui | 22d ago | open-webui Vulnerable to Stored XSS via Model Description |
| CVE-2026-45675 | high | 8.1 | 8.1 | | | openwebui | 22d ago | Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts |
| CVE-2026-45399 | high | 7.1 | 7.1 | | | openwebui | 22d ago | Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption |
| CVE-2026-45349 | high | 7.1 | 7.1 | | | openwebui | 22d ago | Open WebUI has Broken Access Control for Completions API |
| CVE-2026-44556 | high | 7.1 | 7.1 | | | openwebui | 22d ago | Open WebUI's responses passthrough endpoint lacks access control authorization |
| CVE-2026-44555 | high | 7.6 | 7.6 | | | openwebui | 22d ago | Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining |
| CVE-2026-44554 | high | 8.1 | 8.1 | | | openwebui | 22d ago | Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite |
| CVE-2026-46408 | high | 7.6 | 7.6 | | | | 22d ago | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter … |
| CVE-2026-46407 | high | 8.1 | 8.1 | | | | 22d ago | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator t… |
| CVE-2026-46366 | high | 7.5 | 7.5 | | | | 22d ago | phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted … |
| CVE-2026-46359 | high | 7.5 | 7.5 | | | | 22d ago | phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attac… |
| CVE-2026-44826 | high | 7.5 | 7.5 | | | | 22d ago | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-ad… |
| CVE-2021-47966 | high | 8.2 | 8.2 | | | | 22d ago | PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login_userid parameter of login.php that allows unauthenticated attackers to extract database conte… |
| CVE-2021-47964 | high | 8.8 | 8.8 | | | | 22d ago | Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager… |
| CVE-2021-47963 | high | 7.2 | 7.2 | | | | 22d ago | Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. A… |
| CVE-2021-47959 | high | 7.5 | 7.5 | | | | 22d ago | WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields… |
| CVE-2026-45578 | high | 8.8 | 8.8 | | | wwbn | 22d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/on_publish.php builds an execAsyn… |
| CVE-2026-46474 | high | 7.5 | 7.5 | | | | 22d ago | Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage. |
| CVE-2026-46491 | high | 8.0 | | | | | 22d ago | SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion |
| CVE-2026-44692 | high | 8.0 | | | | | 22d ago | Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint |
| CVE-2026-45364 | high | 7.3 | 7.3 | | | | 22d ago | Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it rece… |
| CVE-2026-45539 | high | 7.4 | 7.4 | | | | 22d ago | Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree |
| CVE-2026-45038 | high | 7.8 | 7.8 | | | tabby | 22d ago | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code … |
| CVE-2026-45037 | high | 7.1 | 7.1 | | | tabby | 22d ago | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without … |
| CVE-2026-45036 | high | 7.0 | 7.0 | | | tabby | 22d ago | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without us… |
| CVE-2026-45035 | high | 8.8 | 8.8 | | | tabby | 22d ago | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supp… |
| CVE-2026-44714 | high | 7.5 | 7.5 | | | | 22d ago | bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass |
| CVE-2026-44641 | high | 7.1 | 7.1 | | | | 22d ago | Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install |
| CVE-2026-45062 | high | 8.0 | | | | | 22d ago | FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files |
| CVE-2026-44716 | high | 8.0 | | | | | 22d ago | Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator |
| CVE-2026-41147 | high | 8.7 | 8.7 | | | | 22d ago | NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class |
| CVE-2026-46508 | high | 7.8 | 7.8 | | | vercel | 22d ago | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-contr… |
| CVE-2026-45803 | low | 3.5 | 3.5 | | debian, sles, windows | github | 22d ago | `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users vie… |
| CVE-2026-35194 | high | 8.1 | 8.1 | | | apache | 22d ago | Apache Flink: Remote code execution via SQL injection in code generation |
| CVE-2026-46483 | high | 7.0 | 7.0 | FIX | sles, debian, windows | vim | 22d ago | Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-lik… |
| CVE-2026-45736 | high | 7.5 | 7.5 | FIX | debian, windows | ws_project | 22d ago | ws: Uninitialized memory disclosure |
| CVE-2026-39054 | high | 7.3 | 7.3 | | | | 22d ago | Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the proce… |
| CVE-2026-38728 | high | 7.5 | 7.5 | | | | 22d ago | An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components |
| CVE-2026-34253 | high | 8.2 | 8.2 | | sles, debian | | 22d ago | A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control fu… |
| CVE-2026-41552 | high | 7.5 | 7.5 | | | dhtmlx | 22d ago | PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could incl… |
| CVE-2026-41964 | high | 8.4 | 8.4 | | | | 22d ago | Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2026-41963 | low | 2.8 | 2.8 | | | | 22d ago | Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2026-41962 | low | 3.6 | 3.6 | | | | 22d ago | Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2026-6403 | high | 7.5 | 7.5 | | | | 22d ago | The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckply_zip_theme() function, which … |
| CVE-2026-6228 | high | 8.8 | 8.8 | | | | 22d ago | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field… |
| CVE-2026-4094 | high | 8.1 | 8.1 | | | | 23d ago | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'admin_head' function in all versions up… |
| CVE-2026-41702 | high | 7.0 | 7.0 | | | vmware | 23d ago | VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges… |
| CVE-2026-43490 | high | 8.8 | 8.8 | FIX | sles, debian, windows | | 23d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the security descriptor x… |
| CVE-2026-28761 | high | 8.1 | 8.1 | | | | 23d ago | Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected pr… |
| CVE-2024-36333 | high | 7.8 | 7.8 | | | amd | 23d ago | A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. |
| CVE-2026-2652 | high | 8.6 | 8.6 | | | lfprojects | 23d ago | MLflow: unauthenticated access to certain FastAPI routes |
| CVE-2026-44671 | high | 7.5 | 7.5 | | | zitadel | 23d ago | ZITADEL has LDAP Filter Injection in Login Flow |
| CVE-2026-45781 | low | 3.5 | 3.5 | | | | 23d ago | MCP Registry: OCI validator skips ownership check on upstream rate limits |
| CVE-2026-44700 | high | 8.0 | | | | | 23d ago | ex_webrtc client-role handshake is missing DTLS peer fingerprint validation |
| CVE-2026-44673 | high | 7.5 | 7.5 | | debian, sles, windows | | 23d ago | libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciou… |
| CVE-2026-42327 | high | 8.0 | | FIX | debian | | 23d ago | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as Open… |
| CVE-2026-45370 | high | 7.7 | 7.7 | | | | 23d ago | python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection |
| CVE-2026-45369 | high | 8.3 | 8.3 | | | | 23d ago | utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol |
| CVE-2026-46509 | high | 8.2 | 8.2 | | | | 23d ago | deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not b… |
| CVE-2026-45353 | high | 7.8 | 7.8 | | | electerm_project | 23d ago | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0. |
| CVE-2026-45373 | high | 7.4 | 7.4 | | | | 23d ago | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in URL as htt… |
| CVE-2026-45310 | high | 7.4 | 7.4 | | | | 23d ago | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetch_url tool validates the initial URL's resolved IP address against a restricted-IP blocklist (is_restricted_ip()) to … |
| CVE-2026-45672 | high | 8.8 | 8.8 | | | openwebui | 23d ago | Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed |
| CVE-2026-45671 | high | 8.0 | 8.0 | | | openwebui | 23d ago | Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion |
| CVE-2026-45398 | high | 7.5 | 7.5 | | | openwebui | 23d ago | Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls |
| CVE-2026-45350 | high | 7.1 | 7.1 | | | openwebui | 23d ago | Open WebUI's chat completion API allows tool restrictions to be bypassed |
| CVE-2026-45348 | high | 8.7 | 8.7 | | | | 23d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates … |
| CVE-2026-42570 | high | 8.0 | | | | | 23d ago | Svelte devalue: DoS via sparse array deserialization |
| CVE-2026-45338 | high | 7.7 | 7.7 | | | openwebui | 23d ago | Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py) |
| CVE-2026-45331 | high | 8.5 | 8.5 | | | openwebui | 23d ago | Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature |
| CVE-2026-8629 | high | 8.1 | 8.1 | | | | 23d ago | Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests t… |
| CVE-2026-8597 | high | 7.2 | 7.2 | | | aws | 23d ago | Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler |
| CVE-2026-8587 | high | 8.8 | 8.8 | FIX | debian, macos, windows | google | 23d ago | Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome E… |
| CVE-2026-8585 | high | 7.5 | 7.5 | FIX | debian, macos, windows | google | 23d ago | Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a … |
| CVE-2026-8581 | high | 8.8 | 8.8 | FIX | debian, windows | google | 23d ago | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-8579 | low | 3.1 | 3.1 | FIX | debian, windows | google | 23d ago | Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write… |
| CVE-2026-8578 | low | 3.1 | 3.1 | FIX | debian, linux-kernel, windows | google | 23d ago | Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chro… |
| CVE-2026-8577 | high | 8.8 | 8.8 | FIX | debian, windows | google | 23d ago | Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-8575 | high | 8.3 | 8.3 | FIX | debian, windows | google | 23d ago | Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chro… |
| CVE-2026-8574 | high | 8.3 | 8.3 | FIX | debian, windows | google | 23d ago | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM… |
| CVE-2026-8573 | high | 8.3 | 8.3 | FIX | debian, windows | google | 23d ago | Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity:… |
| CVE-2026-8572 | low | 3.1 | 3.1 | FIX | debian, windows | google | 23d ago | Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft… |
| CVE-2026-8571 | high | 8.3 | 8.3 | FIX | debian, windows | google | 23d ago | Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v… |
| CVE-2026-8569 | high | 8.3 | 8.3 | FIX | debian, macos, windows | google | 23d ago | Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: … |
| CVE-2026-8568 | low | 3.1 | 3.1 | FIX | debian, windows | google | 23d ago | Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Ch… |
| CVE-2026-8558 | high | 8.8 | 8.8 | FIX | debian, windows | google | 23d ago | Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-8557 | high | 7.5 | 7.5 | FIX | debian, windows | google | 23d ago | Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (C… |
| CVE-2026-8556 | low | 3.1 | 3.1 | FIX | debian, windows | google | 23d ago | Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… |
| CVE-2026-8555 | high | 8.8 | 8.8 | FIX | debian, windows | google | 23d ago | Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) |