|
3861
|
9.8 |
CRITICAL
Network
|
lmsys
|
sglang
|
SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the intern…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7301
|
2026-05-19 22:49 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3862
|
9.1 |
CRITICAL
Network
|
lmsys
|
sglang
|
SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by …
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2026-7302
|
2026-05-19 22:43 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3863
|
9.8 |
CRITICAL
Network
|
lmsys
|
sglang
|
SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7304
|
2026-05-19 22:38 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3864
|
7.0 |
HIGH
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in
runtime/autoload/tar.vim when decompressing .tgz archives on Unix-lik…
|
CWE-78
CWE-88
OS Command
Argument Injection
|
CVE-2026-46483
|
2026-05-19 21:27 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3865
|
5.8 |
MEDIUM
Network
|
traefik
|
traefik
|
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom error pages) middleware. Whe…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-41181
|
2026-05-19 21:24 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3866
|
9.9 |
CRITICAL
Network
|
traefik
|
traefik
|
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the RE…
|
CWE-284
Improper Access Control
|
CVE-2026-44774
|
2026-05-19 21:22 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3867
|
5.4 |
MEDIUM
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-45396
|
2026-05-19 21:20 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3868
|
5.3 |
MEDIUM
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticate…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-45397
|
2026-05-19 21:19 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3869
|
7.5 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, _validate_collection_access() checks the user-memory-* and file-* collection name pr…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45398
|
2026-05-19 21:18 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3870
|
8.5 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse and requests libraries led to an SSRF bypa…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45400
|
2026-05-19 21:08 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
