Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692
Critical: 727
High: 3080
Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2020-37230 | HIGH | 7.8 | Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary … | May 16, 2026 |
| CVE-2020-37229 | HIGH | 7.8 | OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable … | May 16, 2026 |
| CVE-2020-37228 | CRITICAL | 9.8 | iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can … | May 16, 2026 |
| CVE-2020-37227 | HIGH | 8.8 | HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. … | May 16, 2026 |
| CVE-2026-46719 | UNKNOWN | — | Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources … | May 16, 2026 |
| CVE-2025-4202 | MEDIUM | 4.3 | The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on … | May 16, 2026 |
| CVE-2026-8657 | HIGH | 8.2 | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform prototype pollution by … | May 16, 2026 |
| CVE-2026-8656 | MEDIUM | 6.1 | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and … | May 16, 2026 |
| CVE-2026-8681 | MEDIUM | 5.3 | The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the … | May 16, 2026 |
| CVE-2026-8704 | UNKNOWN | — | Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified. | May 15, 2026 |
| CVE-2026-8700 | UNKNOWN | — | Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security … | May 15, 2026 |
| CVE-2026-45667 | MEDIUM | 6.5 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDING_FUNCTION(...). … | May 15, 2026 |
| CVE-2026-45666 | MEDIUM | 6.5 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowing … | May 15, 2026 |
| CVE-2026-45665 | HIGH | 8.1 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the … | May 15, 2026 |
| CVE-2026-45365 | MEDIUM | 5.4 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypass_filter parameter is exposed on the /openai/chat/completions … | May 15, 2026 |
| CVE-2026-45351 | MEDIUM | 6.5 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user [non-admin] logs into the application, … | May 15, 2026 |
| CVE-2026-45350 | HIGH | 7.1 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which … | May 15, 2026 |
| CVE-2026-45347 | MEDIUM | 4.3 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery (SSRF) … | May 15, 2026 |
| CVE-2026-45346 | UNKNOWN | — | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.31, there is a Cross-Site Scripting vulnerability in Open WebUI … | May 15, 2026 |
| CVE-2026-45345 | MEDIUM | 6.5 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modify another user's model even if … | May 15, 2026 |
| CVE-2026-45338 | HIGH | 7.7 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery (SSRF) vulnerability exists in _process_picture_url() … | May 15, 2026 |
| CVE-2026-45318 | MEDIUM | 5.4 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, this advisory tracks a regression of the original Excel-preview … | May 15, 2026 |
| CVE-2026-45317 | MEDIUM | 4.6 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery (CSRF) vulnerability was found … | May 15, 2026 |
| CVE-2026-45316 | LOW | 3.5 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/{id}/pin endpoint performs a write operation (toggling … | May 15, 2026 |
| CVE-2026-45315 | HIGH | 8.7 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension … | May 15, 2026 |