| 21 | 8.1 | HIGH | Network | openwebui | open_webui | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSION_POOL to discon… | New | CWE-613: Insufficient Session Expiration | CVE-2026-44553 | 2026-05-19 03:29 | 2026-05-16 |
| 22 | 5.3 | MEDIUM | Network | pyload | pyload | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/<p… | Update | CWE-209: Information Exposure Through an Error Message | CVE-2026-44226 | 2026-05-19 03:25 | 2026-05-12 |
| 23 | 6.5 | MEDIUM | Network | guimard | apache\ | Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator re… | New | CWE-338, CWE-340: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG); Generation of Predictable Numbers or Identifiers | CVE-2026-8503 | 2026-05-19 03:23 | 2026-05-15 |
| 24 | 5.4 | MEDIUM | Network | google | chrome | Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | New | CWE-451: User Interface (UI) Misrepresentation of Critical Information | CVE-2026-8561 | 2026-05-19 03:22 | 2026-05-15 |
| 25 | 4.3 | MEDIUM | Network | google | chrome | Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Mediu… | New | CWE-1300: Improper Protection of Physical Side Channels | CVE-2026-8562 | 2026-05-19 03:21 | 2026-05-15 |
| 26 | 6.5 | MEDIUM | Network | - | - | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.ap… | New | CWE-862: Missing Authorization | CVE-2026-45667 | 2026-05-19 03:17 | 2026-05-16 |
| 27 | 8.8 | HIGH | Network | - | - | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | New | CWE-20, CWE-94, CWE-119: Improper Input Validation; Code Injection; Incorrect Access of Indexable Resource ('Range Error') | CVE-2026-45495 | 2026-05-19 03:17 | 2026-05-19 |
| 28 | 5.4 | MEDIUM | Network | - | - | Microsoft Edge (Chromium-based) Spoofing Vulnerability | New | CWE-79: Cross-site Scripting | CVE-2026-45494 | 2026-05-19 03:17 | 2026-05-19 |
| 29 | 5.4 | MEDIUM | Network | - | - | Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | New | CWE-20: Improper Input Validation | CVE-2026-45492 | 2026-05-19 03:17 | 2026-05-19 |
| 30 | 9.1 | CRITICAL | Network | - | - | DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary fi… | New | CWE-22: Path Traversal | CVE-2026-45230 | 2026-05-19 03:17 | 2026-05-19 |