Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-8525 Vulnerability in google (CVE-2026-8525)
vulnerability in google (CVE-2026-8525). Successful exploitation can lead to full system takeover.
CVE-2026-8509 Vulnerability in Google chrome (CVE-2026-8509)
vulnerability in Google chrome (CVE-2026-8509). Successful exploitation can lead to full system takeover.
CVE-2026-44679 Vulnerability in CVE-2026-44679 (CVE-2026-44679)
vulnerability in CVE-2026-44679 (CVE-2026-44679). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.180.10` or later.
CVE-2026-44661 SSRF (Server-Side Request Forgery) in utcp-http (CVE-2026-44661)
SSRF in utcp-http (CVE-2026-44661). Risk of unauthorized operations or information disclosure. Exploitable via ``tool_call_template.url``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-44673 Vulnerability in c (CVE-2026-44673)
vulnerability in c (CVE-2026-44673). Risk of unauthorized operations or information disclosure.
CVE-2026-44666 OS Command Injection in CVE-2026-44666 (CVE-2026-44666)
OS command injection in CVE-2026-44666 (CVE-2026-44666). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.8` or later.
CVE-2026-42847 SQL Injection in sqli (CVE-2026-42847)
SQL injection in sqli (CVE-2026-42847). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.5.3` or later.
CVE-2026-44647 Path Traversal in CVE-2026-44647 (CVE-2026-44647)
path traversal in CVE-2026-44647 (CVE-2026-44647). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `15.0.2` or later.
CVE-2026-42327 Vulnerability in openssl (CVE-2026-42327)
vulnerability in openssl (CVE-2026-42327). Risk of unauthorized operations or information disclosure. Exploitable via ``OpensslString``. Mitigation: upgrade to `0.10.79` or later.
CVE-2026-45369 OS Command Injection in utcp-cli (CVE-2026-45369)
OS command injection in utcp-cli (CVE-2026-45369). Successful exploitation can lead to full system takeover. Exploitable via ``_substitute_utcp_args``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-46509 Vulnerability in @ranfdev/deepobj (CVE-2026-46509)
vulnerability in @ranfdev/deepobj (CVE-2026-46509). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.3` or later.
CVE-2026-45366 SSRF (Server-Side Request Forgery) in @utcp/http (CVE-2026-45366)
SSRF in @utcp/http (CVE-2026-45366). Risk of unauthorized operations or information disclosure. Exploitable via ``toolCallTemplate.url``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-45288 Vulnerability in Marten (CVE-2026-45288)
vulnerability in Marten (CVE-2026-45288). Successful exploitation can lead to full system takeover. Exploitable via ``regConfig``. Mitigation: upgrade to `8.37.0` or later.
CVE-2026-45787 Vulnerability in electerm (CVE-2026-45787)
vulnerability in electerm (CVE-2026-45787). Confidential information can be exposed externally. Mitigation: upgrade to `3.9.5` or later.
CVE-2026-45353 Code Injection in electerm (CVE-2026-45353)
code injection in electerm (CVE-2026-45353). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.9.0` or later.
CVE-2026-45374 Code Injection in deepseek-tui (CVE-2026-45374)
code injection in deepseek-tui (CVE-2026-45374). Successful exploitation can lead to full system takeover. Exploitable via ``task_create``. Mitigation: upgrade to `0.8.26` or later.
CVE-2026-45373 SSRF (Server-Side Request Forgery) in deepseek-tui (CVE-2026-45373)
SSRF in deepseek-tui (CVE-2026-45373). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.26` or later.
CVE-2026-45311 Code Injection in deepseek-tui (CVE-2026-45311)
code injection in deepseek-tui (CVE-2026-45311). Successful exploitation can lead to full system takeover. Exploitable via ``run_tests``. Mitigation: upgrade to `0.8.23` or later.
CVE-2026-45310 SSRF (Server-Side Request Forgery) in deepseek-tui (CVE-2026-45310)
SSRF in deepseek-tui (CVE-2026-45310). Confidential information can be exposed externally. Exploitable via ``fetch_url``. Mitigation: upgrade to `0.8.22` or later.
CVE-2026-42573 Cross-Site Scripting (XSS) in svelte (CVE-2026-42573)
cross-site scripting in svelte (CVE-2026-42573). Risk of unauthorized operations or information disclosure. Exploitable via ``name``. Mitigation: upgrade to `5.55.7` or later.
CVE-2026-45675 Privilege Escalation in open-webui (CVE-2026-45675)
vulnerability in open-webui (CVE-2026-45675). Successful exploitation can lead to full system takeover. Exploitable via ``signup_handler``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45672 Authorization Flaw in open-webui (CVE-2026-45672)
vulnerability in open-webui (CVE-2026-45672). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.12` or later.
CVE-2026-45667 Vulnerability in open-webui (CVE-2026-45667)
vulnerability in open-webui (CVE-2026-45667). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `0.8.0` or later.
CVE-2026-45665 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45665)
cross-site scripting in open-webui (CVE-2026-45665). Confidential information can be exposed externally. Exploitable via ``marked.parse``. Mitigation: upgrade to `0.8.0` or later.
CVE-2026-45401 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45401)
SSRF in open-webui (CVE-2026-45401). Confidential information can be exposed externally. Exploitable via ``requests``. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45400 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45400)
SSRF in open-webui (CVE-2026-45400). Confidential information can be exposed externally. Exploitable via ``requests``. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45399 Vulnerability in open-webui (CVE-2026-45399)
vulnerability in open-webui (CVE-2026-45399). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/tasks`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45397 Vulnerability in open-webui (CVE-2026-45397)
vulnerability in open-webui (CVE-2026-45397). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/retrieval/`. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45395 Privilege Escalation in open-webui (CVE-2026-45395)
vulnerability in open-webui (CVE-2026-45395). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/tools/id/{id}/update`. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45387 Information Disclosure in open-webui (CVE-2026-45387)
vulnerability in open-webui (CVE-2026-45387). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45365 Vulnerability in open-webui (CVE-2026-45365)
vulnerability in open-webui (CVE-2026-45365). Risk of unauthorized operations or information disclosure. Exploitable via `POST /openai/chat/completions`. Mitigation: upgrade to `0.8.11` or later.
CVE-2026-45351 Information Disclosure in open-webui (CVE-2026-45351)
vulnerability in open-webui (CVE-2026-45351). Confidential information can be exposed externally. Exploitable via `GET /api/models`. Mitigation: upgrade to `0.8.9` or later.
CVE-2026-45350 Vulnerability in open-webui (CVE-2026-45350)
vulnerability in open-webui (CVE-2026-45350). Confidential information can be exposed externally. Exploitable via ``tool_id``. Mitigation: upgrade to `0.8.6` or later.
CVE-2026-45348 Cross-Site Scripting (XSS) in pyload-ng (CVE-2026-45348)
cross-site scripting in pyload-ng (CVE-2026-45348). Confidential information can be exposed externally. Exploitable via `POST /flash/add`.
CVE-2026-42570 Vulnerability in devalue (CVE-2026-42570)
vulnerability in devalue (CVE-2026-42570). Risk of unauthorized operations or information disclosure. Exploitable via ``devalue.parse``. Mitigation: upgrade to `5.8.1` or later.
CVE-2026-45347 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45347)
SSRF in open-webui (CVE-2026-45347). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/utils/pdf`. Mitigation: upgrade to `0.5.11` or later.
CVE-2026-45346 Vulnerability in open-webui (CVE-2026-45346)
vulnerability in open-webui (CVE-2026-45346). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.31` or later.
CVE-2026-45345 Vulnerability in open-webui (CVE-2026-45345)
vulnerability in open-webui (CVE-2026-45345). Data can be tampered with by attackers. Exploitable via `POST /api/v1/models/model/update`. Mitigation: upgrade to `0.5.7` or later.
CVE-2026-45339 Authorization Flaw in open-webu (CVE-2026-45339)
vulnerability in open-webu (CVE-2026-45339). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45338 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45338)
SSRF in open-webui (CVE-2026-45338). Confidential information can be exposed externally. Exploitable via ``picture``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-42599 Cross-Site Scripting (XSS) in svelte (CVE-2026-42599)
cross-site scripting in svelte (CVE-2026-42599). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.55.7` or later.
CVE-2026-45331 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45331)
SSRF in open-webui (CVE-2026-45331). Confidential information can be exposed externally. Exploitable via ``validators``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45317 Vulnerability in open-webui (CVE-2026-45317)
vulnerability in open-webui (CVE-2026-45317). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.3` or later.
CVE-2026-45318 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45318)
cross-site scripting in open-webui (CVE-2026-45318). Risk of unauthorized operations or information disclosure. Exploitable via ``fileOfficeHtml``. Mitigation: upgrade to `0.8.0` or later.
CVE-2026-45316 Authorization Flaw in open-webui (CVE-2026-45316)
vulnerability in open-webui (CVE-2026-45316). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/notes/{id}/pin`. Mitigation: upgrade to `0.9.3` or later.
CVE-2026-45315 Unrestricted File Upload in open-webui (CVE-2026-45315)
vulnerability in open-webui (CVE-2026-45315). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.3` or later.
CVE-2026-45306 Vulnerability in pyload-ng (CVE-2026-45306)
vulnerability in pyload-ng (CVE-2026-45306). Confidential information can be exposed externally. Exploitable via `GET /files/get/`.
CVE-2026-44638 Vulnerability in dos (CVE-2026-44638)
vulnerability in dos (CVE-2026-44638). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.7-r2` or later.
CVE-2026-44636 Vulnerability in saitoha (CVE-2026-44636)
vulnerability in saitoha (CVE-2026-44636). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.8.7-r2` or later.
CVE-2026-44637 Vulnerability in saitoha (CVE-2026-44637)
vulnerability in saitoha (CVE-2026-44637). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.7-r2` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →