| 1441 | 9.1 | CRITICAL Network | - | - | Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker… | CWE-78 OS Command | CVE-2026-12850 | 2026-06-25 23:02 | 2026-06-24 |
| 1442 | 9.1 | CRITICAL Network | - | - | Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker… | CWE-78 OS Command | CVE-2026-12851 | 2026-06-25 23:02 | 2026-06-24 |
| 1443 | 5.4 | MEDIUM Network | - | - | Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified crede… | CWE-862 Missing Authorization | CVE-2026-57291 | 2026-06-25 23:01 | 2026-06-24 |
| 1444 | 5.4 | MEDIUM Network | - | - | A cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentia… | CWE-352 Origin Validation Error | CVE-2026-57292 | 2026-06-25 23:01 | 2026-06-24 |
| 1445 | 4.3 | MEDIUM Network | - | - | An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particul… | CWE-862 Missing Authorization | CVE-2026-57293 | 2026-06-25 23:01 | 2026-06-24 |
| 1446 | 8.8 | HIGH Network | - | - | Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with I… | CWE-22 Path Traversal | CVE-2026-57296 | 2026-06-25 23:01 | 2026-06-24 |
| 1447 | 5.4 | MEDIUM Network | - | - | A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL usi… | CWE-352 Origin Validation Error | CVE-2026-57298 | 2026-06-25 23:01 | 2026-06-24 |
| 1448 | 4.3 | MEDIUM Network | openwebui | open_webui | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/{event_id}/update validates that the caller has write … | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-54006 | 2026-06-25 22:41 | 2026-06-24 |
| 1449 | 8.5 | HIGH Network | openwebui | open_webui | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/open_webui/utils/oauth.py::_process_picture_url calls validate_url(picture_u… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-54008 | 2026-06-25 22:35 | 2026-06-24 |
| 1450 | 6.5 | MEDIUM Network | openwebui | open_webui | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an image_url.url value that, when it does NOT sta… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-54009 | 2026-06-25 22:35 | 2026-06-24 |