|
1011
|
8.2 |
HIGH
Network
|
-
|
-
|
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections.
The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources c…
|
CWE-93
CRLF Injection
|
CVE-2026-46720
|
2026-05-19 02:40 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1012
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws.
When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info(…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8507
|
2026-05-19 02:40 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1013
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs.
Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to Sv…
|
CWE-170
Improper Null Termination
|
CVE-2026-8721
|
2026-05-19 02:40 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1014
|
7.8 |
HIGH
Local
|
-
|
-
|
VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place ma…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2021-47974
|
2026-05-19 02:38 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1015
|
8.4 |
HIGH
Local
|
-
|
-
|
VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craf…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25328
|
2026-05-19 02:38 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1016
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels (i.e., channels whose channel.type is neither group nor dm), th…
|
CWE-862
Missing Authorization
|
CVE-2026-44571
|
2026-05-19 02:36 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1017
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profile_image_url field on the user profile update form accepted arbitrary data:…
|
CWE-79
Cross-site Scripting
|
CVE-2026-45299
|
2026-05-19 02:36 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1018
|
8.1 |
HIGH
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied file_id and attach the referenced file to …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45402
|
2026-05-19 02:36 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1019
|
8.3 |
HIGH
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44570
|
2026-05-19 02:36 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1020
|
8.1 |
HIGH
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authentica…
|
CWE-284
Improper Access Control
|
CVE-2026-45301
|
2026-05-19 02:36 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
