Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
8.6 HIGH
CVE-2026-53755 — Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unau…

crawl4ai | Remote | Server-Side Request Forgery
Jun 23, 2026 Jun 29, 2026
7.5 HIGH
CVE-2026-53754 — Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / u…

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection (validate_webhook_url / validate_url_destination in deploy/docker/utils.py) used…

crawl4ai | Remote | Server-Side Request Forgery
Jun 23, 2026 Jun 29, 2026
10.0 CRITICAL
CVE-2026-53753 — Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes st…

crawl4ai | Remote | Injection
Jun 23, 2026 Jun 29, 2026
2.9 LOW
CVE-2026-57062 — GnuPG gpgsm AES-GCM ICV Length Validation Bypass

CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is …

gnupg | Cryptography
Jun 23, 2026 Jun 25, 2026
4.0 MEDIUM
CVE-2026-57053 — GNU libidn Out-of-Bounds Read Vulnerability

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.

libidn | Memory Corruption
Jun 23, 2026 Jun 29, 2026
4.3 MEDIUM
CVE-2026-55517 — Deno: Denial of service via non-ASCII bytes in WebSocket response headers

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.5, a Deno program that opens a client WebSocket connection could be crashed by the remote server. While handling the WebSocket …

deno | Remote | Denial of Service
Jun 23, 2026 Jun 29, 2026
6.5 MEDIUM
CVE-2026-54324 — Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organiza…

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gat…

Remote | Authorization
Jun 23, 2026 Jun 25, 2026
5.9 MEDIUM
CVE-2026-54323 — Daytona: Git credential leak via git clone with TLS verification disabled

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verificati…

Remote | Misconfiguration
Jun 23, 2026 Jun 24, 2026
7.1 HIGH
CVE-2026-54318 — Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any in…

Jun 23, 2026 Jun 26, 2026
7.6 HIGH
CVE-2026-54317 — Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthe…

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView (homeassistant…

Jun 23, 2026 Jun 26, 2026
9.1 CRITICAL
CVE-2026-54316 — Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including att…

claude_code claude_desktop | Remote | Server-Side Request Forgery
Jun 23, 2026 Jun 29, 2026
9.3 CRITICAL
CVE-2026-54257 — Electron: Buffer performs incorrect byte length calculations resulting in heap buffer und…

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap …

electron | Remote | Memory Corruption
Jun 23, 2026 Jun 25, 2026
9.0 CRITICAL
CVE-2026-54157 — LobeHub: Unauthenticated SSRF in `/webapi/proxy`

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST…

lobehub | Remote | Server-Side Request Forgery
Jun 23, 2026 Jun 25, 2026
5.3 MEDIUM
CVE-2026-54022 — Open WebUI: Any authenticated user can read other users' private notes via Socket.IO

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the docume…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 25, 2026
6.3 MEDIUM
CVE-2026-54021 — Open WebUI: Authenticated users can target arbitrary configured Ollama backends via ungua…

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed Ollama proxy routes accept a caller-supplied url_idx…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 26, 2026
6.5 MEDIUM
CVE-2026-54019 — Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed wh…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 25, 2026
7.7 HIGH
CVE-2026-54018 — Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validate_url function to prevent SSRF attac…

open_webui | Remote | Server-Side Request Forgery
Jun 23, 2026 Jun 25, 2026
4.3 MEDIUM
CVE-2026-54016 — Open WebUI: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base …

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization (BOLA) vulnerability in the built…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 25, 2026
6.4 MEDIUM
CVE-2026-54015 — Open WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-history endpoints authorize the prompt_id in the URL but…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 25, 2026
4.3 MEDIUM
CVE-2026-54014 — Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint th…

open_webui | Remote | Path Traversal
Jun 23, 2026 Jun 25, 2026
Showing 20 of 7983 Results