|
371
|
7.5 |
HIGH
Network
|
dhtmlx
|
pdf_export_module
|
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could incl…
Update
|
CWE-22
Path Traversal
|
CVE-2026-41552
|
2026-05-20 01:49 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
372
|
7.5 |
HIGH
Network
|
twisted
|
twisted
|
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exha…
Update
|
CWE-400
CWE-407
Uncontrolled Resource Consumption
Inefficient Algorithmic Complexity
|
CVE-2026-42304
|
2026-05-20 01:47 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
373
|
6.1 |
MEDIUM
Network
|
northern.tech
|
cfengine
|
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-24710
|
2026-05-20 01:45 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
374
|
5.3 |
MEDIUM
Network
|
northern.tech
|
cfengine
|
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.
Update
|
CWE-284
Improper Access Control
|
CVE-2026-24711
|
2026-05-20 01:44 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
375
|
7.3 |
HIGH
Network
|
northern.tech
|
cfengine
|
Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.
Update
|
CWE-77
Command Injection
|
CVE-2026-24712
|
2026-05-20 01:43 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
376
|
8.8 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter …
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-45672
|
2026-05-20 01:39 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
377
|
8.7 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload c…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-44549
|
2026-05-20 01:38 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
378
|
8.1 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTT…
Update
|
CWE-22
Path Traversal
|
CVE-2026-44565
|
2026-05-20 01:38 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
379
|
7.1 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-44569
|
2026-05-20 01:38 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
380
|
7.3 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of us…
Update
|
CWE-602
CWE-863
Client-Side Enforcement of Server-Side Security
Incorrect Authorization
|
CVE-2026-44567
|
2026-05-20 01:38 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
