Export limit exceeded: 351647 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351647 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351647 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45331 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2026-05-19 | 8.5 High |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_url() in backend/open_webui/retrieval/web/utils.py calls validators.ipv6(ip, private=True), but the validators library does NOT implement the private keyword for IPv6 — the call raises a ValidationError (which is falsy in a boolean context), so every IPv6 address passes the filter. In addition, IPv4-mapped IPv6 (::ffff:10.0.0.1) bypasses the IPv4 check entirely, and several reserved IPv4 ranges (0.0.0.0/8, 100.64.0.0/10, 192.0.0.0/24, etc.) are not blocked. This vulnerability is fixed in 0.9.0. | ||||
| CVE-2026-44568 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2026-05-19 | 4.8 Medium |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the AccountPending.svelte component renders the admin-configured "Pending User Overlay Content" using marked.parse() inside {@html} with an incorrect DOMPurify application order. An admin can inject arbitrary JavaScript into the Pending User Overlay Content that executes in the browser context of any pending user who views the overlay page. This vulnerability is fixed in 0.9.0. | ||||
| CVE-2026-45387 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2026-05-19 | 4.3 Medium |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may consider their system prompt confidential, so this is considered a security issue. This vulnerability is fixed in 0.9.5. | ||||
| CVE-2026-45395 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2026-05-19 | 7.2 High |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the tool update endpoint (POST /api/v1/tools/id/{id}/update) is missing the workspace.tools permission check that is present on the tool create endpoint. This allows a user who has been explicitly denied tool management capabilities ( and who the administrator considers untrusted for code execution ) to replace a tool's server-side Python content and trigger execution, bypassing the intended workspace.tools security boundary. This vulnerability is fixed in 0.9.5. | ||||
| CVE-2026-33234 | 1 Significant-gravitas | 1 Autogpt | 2026-05-19 | 5 Medium |
| AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backend/backend/blocks/email_block.py accepts a user-supplied smtp_server (string) and smtp_port (integer) as per-execution block inputs, then passes them directly to Python's smtplib.SMTP() to open a raw TCP connection with no IP address validation. This completely bypasses the platform's hardened SSRF protections in backend/util/request.py — the validate_url_host() function and BLOCKED_IP_NETWORKS blocklist that every other block uses to block connections to private, loopback, link-local, and cloud metadata addresses. An authenticated user on a shared AutoGPT deployment can use this to perform non-blind internal network port scanning and service fingerprinting: smtplib reads the target's TCP banner on connect and embeds it in the exception message, which is persisted as user-visible block output via the execution framework. This issue has been fixed in version 0.6.52. | ||||
| CVE-2026-45385 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2026-05-19 | 4.3 Medium |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members (including administrators) within the same channel. In the update_message_by_id function, for group or dm type channels, only the caller's membership in the channel is checked via the is_user_channel_member function, without verifying message ownership. This allows any channel member to modify messages sent by other members within the same channel. This vulnerability is fixed in 0.9.5. | ||||
| CVE-2026-45246 | 1 Steipete | 1 Summarize | 2026-05-19 | 5.5 Medium |
| Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates the replacement with default process umask permissions instead of preserving the original file permissions, exposing the config file containing API keys and provider credentials to other local users on shared Unix-like systems. | ||||
| CVE-2026-45242 | 1 Steipete | 1 Summarize | 2026-05-19 | 7.1 High |
| Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit this to write slide_*.png and slides.json files to any writable directory and subsequently delete matching files at the specified location through repeat extraction. | ||||
| CVE-2026-45243 | 1 Steipete | 1 Summarize | 2026-05-19 | 6.1 Medium |
| Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers to list, read, create, overwrite, or delete automation artifacts scoped to the affected tab without proper authorization checks. | ||||
| CVE-2026-45245 | 1 Steipete | 1 Summarize | 2026-05-19 | 7.4 High |
| Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthiness. Attackers can place local or private-network URLs behind hoverable links to route authenticated requests through the daemon, potentially accessing sensitive internal endpoints when users interact with attacker-controlled content. | ||||
| CVE-2026-8553 | 1 Google | 1 Chrome | 2026-05-19 | 3.1 Low |
| Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-8557 | 1 Google | 1 Chrome | 2026-05-19 | 7.5 High |
| Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-8558 | 1 Google | 1 Chrome | 2026-05-19 | 8.8 High |
| Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-8537 | 1 Google | 1 Chrome | 2026-05-19 | 4.3 Medium |
| Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-32244 | 1 Discourse | 1 Discourse | 2026-05-19 | 5.3 Medium |
| Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1. To work around this issue, restrict summary generation by tightening the allowed groups on the summarization Personas. | ||||
| CVE-2026-8532 | 1 Google | 1 Chrome | 2026-05-19 | 8.8 High |
| Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-8533 | 1 Google | 1 Chrome | 2026-05-19 | 8.3 High |
| Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-8538 | 1 Google | 1 Chrome | 2026-05-19 | 5.3 Medium |
| Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-8540 | 1 Google | 1 Chrome | 2026-05-19 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-45667 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2026-05-19 | 6.5 Medium |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDING_FUNCTION(...). This allows any unauthenticated caller to trigger embedding generation which can lead to direct cost exposure if a paid provider is used. This vulnerability is fixed in 0.8.0. | ||||