|
171
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels (i.e., channels whose channel.type is neither group nor dm), th…
New
|
CWE-862
Missing Authorization
|
CVE-2026-44571
|
2026-05-16 08:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
172
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.
Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8669
|
2026-05-16 07:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
173
|
5.3 |
MEDIUM
Local
|
-
|
-
|
Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.
Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer G…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8454
|
2026-05-16 07:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
174
|
- |
|
-
|
-
|
Trog::TOTP versions before 1.006 for Perl generate secrets using rand.
Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
New
|
CWE-331
Insufficient Entropy
|
CVE-2026-46474
|
2026-05-16 07:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
175
|
5.4 |
MEDIUM
Network
|
-
|
-
|
phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint that allows any authenticated user to delete tags. Any logged-in user, incl…
New
|
CWE-862
Missing Authorization
|
CVE-2026-46365
|
2026-05-16 07:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
176
|
7.5 |
HIGH
Network
|
-
|
-
|
phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attac…
New
|
CWE-89
SQL Injection
|
CVE-2026-46359
|
2026-05-16 07:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
177
|
8.0 |
HIGH
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE …
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45671
|
2026-05-16 07:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
178
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.ap…
New
|
CWE-862
Missing Authorization
|
CVE-2026-45667
|
2026-05-16 07:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
179
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowin…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45666
|
2026-05-16 07:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
180
|
8.1 |
HIGH
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45665
|
2026-05-16 07:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
