Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-8514 Use-After-Free in google (CVE-2026-8514)
vulnerability in google (CVE-2026-8514). Successful exploitation can lead to full system takeover.
CVE-2026-8518 Use-After-Free in google (CVE-2026-8518)
vulnerability in google (CVE-2026-8518). Successful exploitation can lead to full system takeover.
CVE-2026-8523 Use-After-Free in google (CVE-2026-8523)
vulnerability in google (CVE-2026-8523). Successful exploitation can lead to full system takeover.
CVE-2026-8525 Vulnerability in google (CVE-2026-8525)
vulnerability in google (CVE-2026-8525). Successful exploitation can lead to full system takeover.
CVE-2026-8522 Use-After-Free in google (CVE-2026-8522)
vulnerability in google (CVE-2026-8522). Successful exploitation can lead to full system takeover.
CVE-2026-8524 Out-of-Bounds Write in google (CVE-2026-8524)
out-of-bounds write in google (CVE-2026-8524). Successful exploitation can lead to full system takeover.
CVE-2026-8509 Vulnerability in Google chrome (CVE-2026-8509)
vulnerability in Google chrome (CVE-2026-8509). Successful exploitation can lead to full system takeover.
CVE-2026-44673 Vulnerability in c (CVE-2026-44673)
vulnerability in c (CVE-2026-44673). Risk of unauthorized operations or information disclosure.
CVE-2026-45370 Vulnerability in utcp-cli (CVE-2026-45370)
vulnerability in utcp-cli (CVE-2026-45370). Confidential information can be exposed externally. Exploitable via ``cli_communication_protocol.py``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-45369 OS Command Injection in utcp-cli (CVE-2026-45369)
OS command injection in utcp-cli (CVE-2026-45369). Successful exploitation can lead to full system takeover. Exploitable via ``_substitute_utcp_args``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-46509 Vulnerability in @ranfdev/deepobj (CVE-2026-46509)
vulnerability in @ranfdev/deepobj (CVE-2026-46509). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.3` or later.
CVE-2026-45353 Code Injection in electerm (CVE-2026-45353)
code injection in electerm (CVE-2026-45353). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.9.0` or later.
CVE-2026-45373 SSRF (Server-Side Request Forgery) in deepseek-tui (CVE-2026-45373)
SSRF in deepseek-tui (CVE-2026-45373). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.26` or later.
CVE-2026-45310 SSRF (Server-Side Request Forgery) in deepseek-tui (CVE-2026-45310)
SSRF in deepseek-tui (CVE-2026-45310). Confidential information can be exposed externally. Exploitable via ``fetch_url``. Mitigation: upgrade to `0.8.22` or later.
CVE-2026-42567 Vulnerability in svelte (CVE-2026-42567)
vulnerability in svelte (CVE-2026-42567). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.55.7` or later.
CVE-2026-45675 Privilege Escalation in open-webui (CVE-2026-45675)
vulnerability in open-webui (CVE-2026-45675). Successful exploitation can lead to full system takeover. Exploitable via ``signup_handler``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45672 Authorization Flaw in open-webui (CVE-2026-45672)
vulnerability in open-webui (CVE-2026-45672). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.12` or later.
CVE-2026-45671 Vulnerability in open-webui (CVE-2026-45671)
vulnerability in open-webui (CVE-2026-45671). Successful exploitation can lead to full system takeover. Exploitable via `DELETE /api/v1/files/{id}`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45665 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45665)
cross-site scripting in open-webui (CVE-2026-45665). Confidential information can be exposed externally. Exploitable via ``marked.parse``. Mitigation: upgrade to `0.8.0` or later.
CVE-2026-45402 Vulnerability in open-webui (CVE-2026-45402)
vulnerability in open-webui (CVE-2026-45402). Confidential information can be exposed externally. Exploitable via `POST /api/v1/folders/{id}/update`. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45401 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45401)
SSRF in open-webui (CVE-2026-45401). Confidential information can be exposed externally. Exploitable via ``requests``. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45400 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45400)
SSRF in open-webui (CVE-2026-45400). Confidential information can be exposed externally. Exploitable via ``requests``. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45399 Vulnerability in open-webui (CVE-2026-45399)
vulnerability in open-webui (CVE-2026-45399). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/tasks`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45398 Vulnerability in open-webui (CVE-2026-45398)
vulnerability in open-webui (CVE-2026-45398). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/retrieval/query/doc`. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45395 Privilege Escalation in open-webui (CVE-2026-45395)
vulnerability in open-webui (CVE-2026-45395). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/tools/id/{id}/update`. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45350 Vulnerability in open-webui (CVE-2026-45350)
vulnerability in open-webui (CVE-2026-45350). Confidential information can be exposed externally. Exploitable via ``tool_id``. Mitigation: upgrade to `0.8.6` or later.
CVE-2026-45349 Vulnerability in open-webui (CVE-2026-45349)
vulnerability in open-webui (CVE-2026-45349). Confidential information can be exposed externally. Exploitable via ``chat_completion``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45348 Cross-Site Scripting (XSS) in pyload-ng (CVE-2026-45348)
cross-site scripting in pyload-ng (CVE-2026-45348). Confidential information can be exposed externally. Exploitable via `POST /flash/add`.
CVE-2026-42570 Vulnerability in devalue (CVE-2026-42570)
vulnerability in devalue (CVE-2026-42570). Risk of unauthorized operations or information disclosure. Exploitable via ``devalue.parse``. Mitigation: upgrade to `5.8.1` or later.
CVE-2026-45338 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45338)
SSRF in open-webui (CVE-2026-45338). Confidential information can be exposed externally. Exploitable via ``picture``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45331 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45331)
SSRF in open-webui (CVE-2026-45331). Confidential information can be exposed externally. Exploitable via ``validators``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45315 Unrestricted File Upload in open-webui (CVE-2026-45315)
vulnerability in open-webui (CVE-2026-45315). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.3` or later.
CVE-2026-8597 Vulnerability in sagemaker (CVE-2026-8597)
vulnerability in sagemaker (CVE-2026-8597). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
CVE-2026-44637 Vulnerability in saitoha (CVE-2026-44637)
vulnerability in saitoha (CVE-2026-44637). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.7-r2` or later.
CVE-2026-44636 Vulnerability in saitoha (CVE-2026-44636)
vulnerability in saitoha (CVE-2026-44636). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.8.7-r2` or later.
CVE-2026-43909 Out-of-Bounds Read in openimageio (CVE-2026-43909)
vulnerability in openimageio (CVE-2026-43909). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43904 Out-of-Bounds Write in cpp (CVE-2026-43904)
out-of-bounds write in cpp (CVE-2026-43904). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43905 Vulnerability in cpp (CVE-2026-43905)
vulnerability in cpp (CVE-2026-43905). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43906 Vulnerability in openimageio (CVE-2026-43906)
vulnerability in openimageio (CVE-2026-43906). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43907 Vulnerability in cpp (CVE-2026-43907)
vulnerability in cpp (CVE-2026-43907). Data can be tampered with by attackers. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43908 Vulnerability in openimageio (CVE-2026-43908)
vulnerability in openimageio (CVE-2026-43908). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43903 Out-of-Bounds Write in cpp (CVE-2026-43903)
out-of-bounds write in cpp (CVE-2026-43903). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-45303 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45303)
cross-site scripting in open-webui (CVE-2026-45303). Confidential information can be exposed externally. Exploitable via ``High``. Mitigation: upgrade to `0.6.5` or later.
CVE-2026-45301 Vulnerability in open-webui (CVE-2026-45301)
vulnerability in open-webui (CVE-2026-45301). Confidential information can be exposed externally. Exploitable via ``user_id``. Mitigation: upgrade to `0.3.16` or later.
CVE-2026-8596 Vulnerability in Amazon sagemaker (CVE-2026-8596)
vulnerability in Amazon sagemaker (CVE-2026-8596). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
CVE-2026-8621 Authentication Bypass in github.com/openclaw/crabbox (CVE-2026-8621)
authentication bypass in github.com/openclaw/crabbox (CVE-2026-8621). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.12.0` or later.
CVE-2026-44633 Authorization Flaw in CVE-2026-44633 (CVE-2026-44633)
vulnerability in CVE-2026-44633 (CVE-2026-44633). Confidential information can be exposed externally.
CVE-2026-44586 Cross-Site Scripting (XSS) in CVE-2026-44586 (CVE-2026-44586)
cross-site scripting in CVE-2026-44586 (CVE-2026-44586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
CVE-2025-15024 Code Injection in CVE-2025-15024 (CVE-2025-15024)
code injection in CVE-2025-15024 (CVE-2025-15024). Successful exploitation can lead to full system takeover.
CVE-2025-15023 Authorization Flaw in CVE-2025-15023 (CVE-2025-15023)
vulnerability in CVE-2025-15023 (CVE-2025-15023). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →