|
821
|
7.7 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through the HTML rendering view, scripts can be injected and executed. The frontend …
|
CWE-79
Cross-site Scripting
|
CVE-2026-45303
|
2026-05-19 23:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
822
|
7.3 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting (XSS) vulnerability that allows any authenticated user…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44721
|
2026-05-19 23:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
823
|
7.3 |
HIGH
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a promp, the name of the file is derived from the original…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-44566
|
2026-05-19 23:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
824
|
5.4 |
MEDIUM
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filter_allowed_access_grants on either create or up…
|
CWE-862
Missing Authorization
|
CVE-2026-44558
|
2026-05-19 23:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
825
|
8.1 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSION_POOL to discon…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-44553
|
2026-05-19 23:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
826
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under /OutsideCmd
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-36438
|
2026-05-19 23:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
827
|
9.1 |
CRITICAL
Network
|
freertos
|
coremqtt
|
Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet.
To remediate this issue, users s…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-8686
|
2026-05-19 23:01 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
828
|
9.8 |
CRITICAL
Network
|
lmsys
|
sglang
|
SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the intern…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7301
|
2026-05-19 22:49 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
829
|
9.1 |
CRITICAL
Network
|
lmsys
|
sglang
|
SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by …
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2026-7302
|
2026-05-19 22:43 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
830
|
9.8 |
CRITICAL
Network
|
lmsys
|
sglang
|
SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7304
|
2026-05-19 22:38 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
