CVE search
367,072 resultsCVE-2026-49440HIGHDeno: Miller-Rabin Primality Test Allows Zero RoundsEPSS 0.1%CVE-2026-54257CRITICALElectron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflowEPSS 0.3%CVE-2026-54316MEDIUMClaude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetchEPSS 0.4%CVE-2026-50221MEDIUMIn OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-HosEPSS 0.1%CVE-2026-54007HIGHOpen WebUI: Cross-origin postMessage confirmation bypass via action:submitEPSS 0.2%CVE-2026-54006MEDIUMOpen WebUI: Calendar event re-parenting allows writing events into another user's calendarEPSS 0.2%CVE-2026-54008HIGHOpen WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url`EPSS 0.2%CVE-2026-54009MEDIUMOpen WebUI: Cross-user file disclosure via /api/chat/completions image_url fieldEPSS 0.2%CVE-2026-54010HIGHOpen WebUI: Forged chat-file link allows cross-user file read and deletionEPSS 0.2%CVE-2026-54011HIGHOpen WebUI: Stored XSS in Mermaid Markdown PreviewEPSS 0.2%CVE-2026-54012HIGHOpen WebUI: Forged model meta.knowledge allows cross-user file read and deletionEPSS 0.2%CVE-2026-54013HIGHOpen WebUI: Stored XSS to Account Takeover via Model Profile Images in Open WebUIEPSS 0.2%CVE-2026-54014MEDIUMOpen WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webuiEPSS 0.2%CVE-2026-54015MEDIUMOpen WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletionEPSS 0.2%CVE-2026-54016MEDIUMOpen WebUI: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File EnumerationEPSS 0.2%CVE-2026-54018HIGHOpen WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP RedirectsEPSS 0.3%CVE-2026-54019MEDIUMOpen WebUI: RAG ACL Bypass in Milvus Multitenancy ModeEPSS 0.3%CVE-2026-57053MEDIUMGNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicoEPSS 0.1%CVE-2026-54021MEDIUMOpen WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameterEPSS 0.2%CVE-2026-54022MEDIUMOpen WebUI: Any authenticated user can read other users' private notes via Socket.IOEPSS 0.3%