| 1011 | 9.1 | CRITICAL / Network | - | - | Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker… | CWE-78 OS Command | CVE-2026-12850 | 2026-06-25 23:02 | 2026-06-24 |
| 1012 | 9.1 | CRITICAL / Network | - | - | Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker… | CWE-78 OS Command | CVE-2026-12851 | 2026-06-25 23:02 | 2026-06-24 |
| 1013 | 5.4 | MEDIUM / Network | - | - | Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified crede… | CWE-862 Missing Authorization | CVE-2026-57291 | 2026-06-25 23:01 | 2026-06-24 |
| 1014 | 5.4 | MEDIUM / Network | - | - | A cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentia… | CWE-352 Cross-Site Request Forgery (CSRF) | CVE-2026-57292 | 2026-06-25 23:01 | 2026-06-24 |
| 1015 | 4.3 | MEDIUM / Network | - | - | An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particul… | CWE-862 Missing Authorization | CVE-2026-57293 | 2026-06-25 23:01 | 2026-06-24 |
| 1016 | 8.8 | HIGH / Network | - | - | Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with I… | CWE-22 Path Traversal | CVE-2026-57296 | 2026-06-25 23:01 | 2026-06-24 |
| 1017 | 5.4 | MEDIUM / Network | - | - | A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL usi… | CWE-352 Cross-Site Request Forgery (CSRF) | CVE-2026-57298 | 2026-06-25 23:01 | 2026-06-24 |
| 1018 | 4.3 | MEDIUM / Network | openwebui | open_webui | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/{event_id}/update validates that the caller has write … | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-54006 | 2026-06-25 22:41 | 2026-06-24 |
| 1019 | 6.5 | MEDIUM / Network | openwebui | open_webui | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows non-same-origin input:prompt and action:submit mess… | CWE-346 Origin Validation Error | CVE-2026-54007 | 2026-06-25 22:40 | 2026-06-24 |
| 1020 | 8.5 | HIGH / Network | openwebui | open_webui | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/open_webui/utils/oauth.py::_process_picture_url calls validate_url(picture_u… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-54008 | 2026-06-25 22:35 | 2026-06-24 |