CVE ID: CVE-2026-45665 Published: May 15, 2026, 10:16 p.m. | 2 hours, 8 minutes ago Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a…
CVE-2026-45315 – Open WebUI: Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions
CVE ID: CVE-2026-45315 Published: May 15, 2026, 10:16 p.m. | 2 hours, 8 minutes ago Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the…
CVE-2026-45301 – Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file
CVE ID: CVE-2026-45301 Published: May 15, 2026, 10:16 p.m. | 2 hours, 8 minutes ago Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a…
CVE-2026-44570 – Open WebUI: Inconsistent authorization controls within memories API
CVE ID: CVE-2026-44570 Published: May 15, 2026, 10:16 p.m. | 2 hours, 8 minutes ago Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization…
CVE-2026-44565 – Open WebUI: Open WebUI Arbitrary File Write, Delete via Path Traversal
CVE ID: CVE-2026-44565 Published: May 15, 2026, 10:16 p.m. | 2 hours, 8 minutes ago Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when…
CVE-2026-45369 – python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol
CVE ID: CVE-2026-45369 Published: May 14, 2026, 9:16 p.m. | 3 hours, 8 minutes ago Description: python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled…
CVE-2026-44700 – Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake
CVE ID: CVE-2026-44700 Published: May 14, 2026, 9:16 p.m. | 3 hours, 8 minutes ago Description: Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing…
CVE-2026-44666 – HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution
CVE ID: CVE-2026-44666 Published: May 14, 2026, 9:16 p.m. | 3 hours, 8 minutes ago Description: HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the…
CVE-2026-44212 – PrestaShop: Stored XSS executable in customer service view
CVE ID: CVE-2026-44212 Published: May 14, 2026, 9:16 p.m. | 3 hours, 8 minutes ago Description: PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored…
CVE-2026-42327 – rust-openssl: undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
CVE ID: CVE-2026-42327 Published: May 14, 2026, 9:16 p.m. | 3 hours, 9 minutes ago Description: rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP…