Export limit exceeded: 351486 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351486 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44551 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2026-05-18 | 9.1 Critical |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accepts password: str with no minimum length constraint, so an empty string passes validation. The subsequent Connection.bind() call succeeds on vulnerable LDAP servers, and the application issues a full session token for the target user. This vulnerability is fixed in 0.9.0. | ||||
| CVE-2026-33377 | 1 Grafana | 1 Grafana | 2026-05-18 | 7.1 High |
| An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege. | ||||
| CVE-2026-44552 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2026-05-18 | 8.7 High |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the tool_servers and terminal_servers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database (a supported and documented deployment pattern, e.g., for multi-region deployments, blue-green setups, or cluster topologies), the unprefixed keys collide. An admin on Instance A writing to tool_servers overwrites the value read by Instance B — causing Instance B's users to receive Instance A's tool server configuration. This vulnerability is fixed in 0.9.0. | ||||
| CVE-2026-42822 | 1 Microsoft | 2 Azure Local, Azure Resource Manager | 2026-05-18 | 10 Critical |
| Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-44553 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2026-05-18 | 8.1 High |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSION_POOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin privileges within their existing Socket.IO session for as long as they keep the connection alive (via automatic heartbeats). The gap is exclusive to the Socket.IO session cache. This vulnerability is fixed in 0.9.0. | ||||
| CVE-2020-37227 | 2 Heliossolutions, Wordpress | 2 Hs Brand Logo Slider, Wordpress | 2026-05-18 | 8.8 High |
| HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions .php to achieve remote code execution. | ||||
| CVE-2025-4202 | 2 Multicollab, Wordpress | 2 Multicollab: Content Team Collaboration And Editorial Workflow, Wordpress | 2026-05-18 | 4.3 Medium |
| The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add comments to arbitrary collaborations. | ||||
| CVE-2020-37228 | 1 Yerootech | 1 Ids6 Dsspro Digital Signage System | 2026-05-18 | 9.8 Critical |
| iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts. | ||||
| CVE-2020-37234 | 1 Tonec | 1 Internet Download Manager | 2026-05-18 | 6.2 Medium |
| Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data exceeding 5000 bytes into the 'Open the following file when done' field to trigger a denial of service condition. | ||||
| CVE-2020-37240 | 1 Pamzey | 1 Patients Waiting Area Queue Management System | 2026-05-18 | 6.4 Medium |
| Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which execute when viewing the User List page. | ||||
| CVE-2020-37246 | 2 Supsystic, Wordpress | 2 Backup, Wordpress | 2026-05-18 | 6.2 Medium |
| Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access sensitive files like /etc/passwd or delete files via the removeAction parameter. | ||||
| CVE-2021-47955 | 1 Couchcms | 1 Couchcms | 2026-05-18 | 5.4 Medium |
| CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. Attackers can upload SVG files containing embedded script tags to the browse.php endpoint, which are then executed in users' browsers when the files are accessed or previewed. | ||||
| CVE-2018-25338 | 2 Bylancer, Zechat Project | 2 Zechat, Zechat | 2026-05-18 | 8.2 High |
| Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names. | ||||
| CVE-2021-47972 | 1 Sticky-notes-color-widgets | 1 Sticky Notes Color Widgets | 2026-05-18 | 7.5 High |
| Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can paste large payloads of repeated characters into note fields to trigger application crashes and make the application stop responding. | ||||
| CVE-2021-47978 | 1 Processmaker | 1 Processmaker | 2026-05-18 | 6.2 Medium |
| ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requests with directory traversal sequences to access sensitive system files like /etc/passwd without authentication. | ||||
| CVE-2026-33603 | 2 Dovecot, Open-xchange | 3 Dovecot, Dovecot, Ox Dovecot Pro | 2026-05-18 | 6.8 Medium |
| Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and client as MITM proxy. Install fixed version. No publicly available exploits are known. | ||||
| CVE-2026-37531 | 2 Automotivelinux, Linuxfoundation | 2 App-framework-main, Automotive Grade Linux | 2026-05-18 | 9.8 Critical |
| AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot notation directory traversal sequences it only blocks absolute paths. The zread extraction function uses openat(workdirfd, filename, O_CREAT) which resolves dot notation values relative to the work directory, allowing files to be written anywhere on the filesystem. Critically, in function install_widget in file wgtpkg-install.c, extraction via zread occurs BEFORE signature verification via check_all_signatures. Even if signature verification fails, the error cleanup (remove_workdir) only deletes the temporary work directory files written outside via path traversal persist permanently. | ||||
| CVE-2026-45494 | 1 Microsoft | 1 Edge Chromium | 2026-05-18 | 5.4 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2026-37526 | 2 Automotivelinux, Linuxfoundation | 2 App-framework-binder, Automotive Grade Linux | 2026-05-18 | 7.8 High |
| AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The on_supervision_call function in src/afb-supervision.c dispatches all 8 commands without any credential verification. The abstract socket has no DAC protection, as acknowledged in the official CAUTION comment in src/afs-supervision.h. This allows a low-privileged local process to kill the daemon (DoS via Exit command), execute arbitrary API calls (via Do command), close arbitrary user sessions (via Sclose command), or leak the entire global configuration (via Config command). The vulnerability was introduced in commit b8c9d5de384efcfa53ebdb3f0053d7b3723777e1 on 2017-06-29. | ||||
| CVE-2026-37525 | 2 Automotivelinux, Linuxfoundation | 2 App-framework-binder, Automotive Grade Linux | 2026-05-18 | 7.8 High |
| AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call function in src/afb-supervision.c explicitly nullifies the request credentials by calling afb_context_change_cred(&xreq->context, NULL) before dispatching an attacker-controlled API call via xapi->itf->call(xapi->closure, xreq). The NULL propagation chain through afb-context.c:110 (context->credentials = afb_cred_addref(NULL)) and afb-cred.c:163 (returns NULL when cred is NULL) confirms that credentials are zeroed before the target API executes. The attacker controls both api and verb parameters via JSON input, allowing execution of any registered API with a NULL credential context. APIs that rely on context->credentials for authorization decisions may fail open when receiving NULL credentials, enabling privilege escalation. This vulnerability was introduced in commit abbb4599f0b921c6f434b6bd02bcfb277eecf745 on 2018-02-14. | ||||