|
831
|
7.0 |
HIGH
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in
runtime/autoload/tar.vim when decompressing .tgz archives on Unix-lik…
|
CWE-78
CWE-88
OS Command
Argument Injection
|
CVE-2026-46483
|
2026-05-19 21:27 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
832
|
5.8 |
MEDIUM
Network
|
traefik
|
traefik
|
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom error pages) middleware. Whe…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-41181
|
2026-05-19 21:24 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
833
|
9.9 |
CRITICAL
Network
|
traefik
|
traefik
|
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the RE…
|
CWE-284
Improper Access Control
|
CVE-2026-44774
|
2026-05-19 21:22 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
834
|
5.4 |
MEDIUM
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-45396
|
2026-05-19 21:20 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
835
|
5.3 |
MEDIUM
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticate…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-45397
|
2026-05-19 21:19 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
836
|
7.5 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, _validate_collection_access() checks the user-memory-* and file-* collection name pr…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45398
|
2026-05-19 21:18 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
837
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()
Yiming reports an integer underflow in mpi_read_raw_from_sgl() …
|
-
|
CVE-2026-43492
|
2026-05-19 21:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
838
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net: qrtr: ns: Limit the maximum server registration per node
Current code does no bound checking on the number of servers added …
|
-
|
CVE-2026-43491
|
2026-05-19 21:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
839
|
8.5 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse and requests libraries led to an SSRF bypa…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45400
|
2026-05-19 21:08 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
840
|
8.5 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validate_url() function in backend/open_webui/retrieval/web/utils.py only valida…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45401
|
2026-05-19 21:07 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
