| 91 | - | | - | - | Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sour… | New | CWE-93 CRLF Injection | CVE-2026-8788 | 2026-05-19 02:40 | 2026-05-18 |
| 92 | 7.8 | HIGH Local | - | - | VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place ma… | New | CWE-428 Unquoted Search Path or Element | CVE-2021-47974 | 2026-05-19 02:38 | 2026-05-17 |
| 93 | 8.4 | HIGH Local | - | - | VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craf… | New | CWE-120 Classic Buffer Overflow | CVE-2018-25328 | 2026-05-19 02:38 | 2026-05-17 |
| 94 | 5.0 | MEDIUM Network | - | - | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses model_config = ConfigDict(extra='allow'), which permits arbitrary fi… | New | CWE-862 Missing Authorization | CVE-2026-44550 | 2026-05-19 02:36 | 2026-05-16 |
| 95 | 8.1 | HIGH Network | - | - | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collection_n… | New | CWE-862 Missing Authorization | CVE-2026-44554 | 2026-05-19 02:36 | 2026-05-16 |
| 96 | 5.4 | MEDIUM Network | - | - | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filter_allowed_access_grants on either create or up… | New | CWE-862 Missing Authorization | CVE-2026-44558 | 2026-05-19 02:36 | 2026-05-16 |
| 97 | 4.3 | MEDIUM Network | - | - | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/{id}/members endpoint only checks membership for group and … | New | CWE-862 Missing Authorization | CVE-2026-44559 | 2026-05-19 02:36 | 2026-05-16 |
| 98 | 6.5 | MEDIUM Network | - | - | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" (non-full-context), type: "text" with collection_name, and bare col… | New | CWE-862 Missing Authorization | CVE-2026-44560 | 2026-05-19 02:36 | 2026-05-16 |
| 99 | 5.4 | MEDIUM Network | - | - | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_user_channel_member function checks whether a ChannelMember row exists but do… | New | CWE-863 Incorrect Authorization | CVE-2026-44561 | 2026-05-19 02:36 | 2026-05-16 |
| 100 | 7.6 | HIGH Network | - | - | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI supports model composition via base_model_id: a user-defined model (e.g.,… | New | CWE-862 Missing Authorization | CVE-2026-44555 | 2026-05-19 02:36 | 2026-05-16 |