Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
4.3 MEDIUM
CVE-2026-54016 — Open WebUI: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base …

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization (BOLA) vulnerability in the built…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 25, 2026
6.4 MEDIUM
CVE-2026-54015 — Open WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-history endpoints authorize the prompt_id in the URL but…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 25, 2026
4.3 MEDIUM
CVE-2026-54014 — Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint th…

open_webui | Remote | Path Traversal
Jun 23, 2026 Jun 25, 2026
7.6 HIGH
CVE-2026-54013 — Open WebUI: Stored XSS to Account Takeover via Model Profile Images in Open WebUI

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in user profile images and webhook profile images but for…

open_webui | Remote | Cross-Site Scripting
Jun 23, 2026 Jun 26, 2026
7.1 HIGH
CVE-2026-54012 — Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbi…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 25, 2026
8.7 HIGH
CVE-2026-54011 — Open WebUI: Stored XSS in Mermaid Markdown Preview

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and i…

open_webui | Remote | Cross-Site Scripting
Jun 23, 2026 Jun 25, 2026
8.3 HIGH
CVE-2026-54010 — Open WebUI: Forged chat-file link allows cross-user file read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary file_id values to their own c…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 25, 2026
6.5 MEDIUM
CVE-2026-54009 — Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an image_url.url value that, when it does NOT sta…

open_webui | Remote | Path Traversal
Jun 23, 2026 Jun 25, 2026
8.5 HIGH
CVE-2026-54008 — Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/open_webui/utils/oauth.py::_process_picture_url calls validate_url(picture_u…

open_webui | Remote | Server-Side Request Forgery
Jun 23, 2026 Jun 25, 2026
7.1 HIGH
CVE-2026-54007 — Open WebUI: Cross-origin postMessage confirmation bypass via action:submit

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows non-same-origin input:prompt and action:submit mess…

open_webui | Remote | Cross-Site Request Forgery
Jun 23, 2026 Jun 26, 2026
4.3 MEDIUM
CVE-2026-54006 — Open WebUI: Calendar event re-parenting allows writing events into another user's calendar

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/{event_id}/update validates that the caller has write …

open_webui | Remote | Authorization
Jun 23, 2026 Jun 25, 2026
9.6 CRITICAL
CVE-2026-53662 — immich: One-click account takeover via XSS in login page continue redirect

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting (XSS) vulnerability on the /auth/login page allows a…

immich | Remote | Cross-Site Scripting
Jun 23, 2026 Jun 25, 2026
4.2 MEDIUM
CVE-2026-52846 — Caddy: stripHTML template function bypass

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, …

caddy | Remote | Cross-Site Scripting
Jun 23, 2026 Jun 29, 2026
8.1 HIGH
CVE-2026-52845 — Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied identity header before copying the trusted value from the…

caddy | Remote | Authentication
Jun 23, 2026 Jun 30, 2026
7.5 HIGH
CVE-2026-52844 — Caddy: Windows `file_server` path authorization bypass via encoded backslash

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/*, but file_server later resolves the s…

windows caddy | Remote | Path Traversal
Jun 23, 2026 Jun 29, 2026
5.4 MEDIUM
CVE-2026-50221 — OpenStack Swift: Server-Side Request Forgery via Internal Header Injection

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwardi…

swift | Remote | Server-Side Request Forgery
Jun 23, 2026 Jun 29, 2026
5.2 MEDIUM
CVE-2026-49983 — Deno: process.loadEnvFile() bypasses env permission checks and mutates process.env with o…

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with --deny-env, or restrict it to a specific allowlist w…

deno | Misconfiguration
Jun 23, 2026 Jun 29, 2026
5.2 MEDIUM
CVE-2026-49860 — Deno: WebSocket API sandbox bypass via missing post-DNS check

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check …

deno | Misconfiguration
Jun 23, 2026 Jun 29, 2026
5.2 MEDIUM
CVE-2026-49859 — Deno: `fetch()` API sandbox bypass via missing DNS resolution check

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch() was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresse…

deno | Misconfiguration
Jun 23, 2026 Jun 29, 2026
7.4 HIGH
CVE-2026-49440 — Deno: Miller-Rabin Primality Test Allows Zero Rounds

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and crypto.checkPrimeSync(candidate[, options]) ran no Miller-Rabin…

deno | Remote | Cryptography
Jun 23, 2026 Jun 26, 2026
Showing 20 of 7990 Results