|
861
|
7.2 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the tool update endpoint (POST /api/v1/tools/id/{id}/update) is missing the workspac…
|
CWE-269
CWE-862
Improper Privilege Management
Missing Authorization
|
CVE-2026-45395
|
2026-05-19 12:05 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
862
|
4.3 |
MEDIUM
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any cha…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45385
|
2026-05-19 10:45 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
863
|
6.3 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in …
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-8743
|
2026-05-19 10:35 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
864
|
5.5 |
MEDIUM
Local
|
steipete
|
summarize
|
Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-45246
|
2026-05-19 10:34 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
865
|
5.4 |
MEDIUM
Network
|
steipete
|
summarize
|
Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation featu…
|
CWE-862
Missing Authorization
|
CVE-2026-45244
|
2026-05-19 10:34 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
866
|
7.1 |
HIGH
Network
|
steipete
|
summarize
|
Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolu…
|
CWE-862
Missing Authorization
|
CVE-2026-45242
|
2026-05-19 10:34 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
867
|
6.1 |
MEDIUM
Network
|
steipete
|
summarize
|
Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation a…
|
CWE-862
Missing Authorization
|
CVE-2026-45243
|
2026-05-19 10:34 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
868
|
7.4 |
HIGH
Network
|
steipete
|
summarize
|
Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extensio…
|
CWE-918
CWE-940
Server-Side Request Forgery (SSRF)
Improper Verification of Source of a Communication Channel
|
CVE-2026-45245
|
2026-05-19 10:34 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
869
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context.c of the component NRF. Executing a manipulation of the argument nfI…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8730
|
2026-05-19 10:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
870
|
3.1 |
LOW
Network
|
google
|
chrome
|
Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Ch…
|
CWE-416
Use After Free
|
CVE-2026-8553
|
2026-05-19 10:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
