|
161
|
- |
|
-
|
-
|
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulnerability in ClipBucket, exploitable through the type parameter on the auth…
New
|
CWE-89
SQL Injection
|
CVE-2026-42847
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
162
|
7.5 |
HIGH
Network
|
-
|
-
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handle…
Update
|
CWE-362
Race Condition
|
CVE-2026-42594
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
163
|
- |
|
-
|
-
|
mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modify_crond a…
New
|
CWE-78
CWE-862
OS Command
Missing Authorization
|
CVE-2026-41315
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
164
|
- |
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting (XSS) issue in the…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45622
|
2026-05-16 08:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
165
|
8.1 |
HIGH
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied file_id and attach the referenced file to …
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45402
|
2026-05-16 08:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
166
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to…
New
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-45396
|
2026-05-16 08:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
167
|
7.1 |
HIGH
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass to…
New
|
CWE-862
Missing Authorization
|
CVE-2026-45350
|
2026-05-16 08:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
168
|
7.7 |
HIGH
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery (SSRF) vulnerability exists in _process_picture_url() …
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45338
|
2026-05-16 08:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
169
|
8.5 |
HIGH
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_url() in backend/open_webui/retrieval/web/utils.py calls validators.ipv6(ip…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45331
|
2026-05-16 08:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
170
|
9.1 |
CRITICAL
Network
|
-
|
-
|
phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session bind…
New
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-45010
|
2026-05-16 08:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
