CVE ID: CVE-2021-47976 Published: May 16, 2026, 4:16 p.m. | 8 hours, 30 minutes ago Description: TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP…
CVE-2021-47974 – VX Search 13.5.28 Unquoted Service Path Privilege Escalation
CVE ID: CVE-2021-47974 Published: May 16, 2026, 4:16 p.m. | 8 hours, 30 minutes ago Description: VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search…
CVE-2026-45665 – Open WebUI: Stored XSS in Banner Component via Improper Sanitization Order
CVE ID: CVE-2026-45665 Published: May 15, 2026, 10:16 p.m. | 2 hours, 8 minutes ago Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a…
CVE-2026-45315 – Open WebUI: Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions
CVE ID: CVE-2026-45315 Published: May 15, 2026, 10:16 p.m. | 2 hours, 8 minutes ago Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the…
CVE-2026-45301 – Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file
CVE ID: CVE-2026-45301 Published: May 15, 2026, 10:16 p.m. | 2 hours, 8 minutes ago Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a…
CVE-2026-44570 – Open WebUI: Inconsistent authorization controls within memories API
CVE ID: CVE-2026-44570 Published: May 15, 2026, 10:16 p.m. | 2 hours, 8 minutes ago Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization…
CVE-2026-44565 – Open WebUI: Open WebUI Arbitrary File Write, Delete via Path Traversal
CVE ID: CVE-2026-44565 Published: May 15, 2026, 10:16 p.m. | 2 hours, 8 minutes ago Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when…
CVE-2026-45369 – python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol
CVE ID: CVE-2026-45369 Published: May 14, 2026, 9:16 p.m. | 3 hours, 8 minutes ago Description: python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled…
CVE-2026-44700 – Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake
CVE ID: CVE-2026-44700 Published: May 14, 2026, 9:16 p.m. | 3 hours, 8 minutes ago Description: Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing…
CVE-2026-44666 – HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution
CVE ID: CVE-2026-44666 Published: May 14, 2026, 9:16 p.m. | 3 hours, 8 minutes ago Description: HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the…