VYPR

CVEs

38,009 total · page 3 of 761

  • CVE-2026-54018higJun 17, 2026
    risk 0.45cvss epss 0.00

    ### Summary The SafePlaywrightURLLoader implements a validate_url function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only on the initial URL. Since Playwright automatically follows HTTP redirects (301/302)…

  • CVE-2026-54017higJun 17, 2026
    risk 0.38cvss epss 0.00

    ### Summary The terminal-server reverse proxy in `backend/open_webui/routers/terminals.py` does not fully confine the user-controlled `path` segment before forwarding it to an admin-configured terminal server. An authenticated user who has been granted access to a terminal…

  • CVE-2026-54013higJun 17, 2026
    risk 0.38cvss epss 0.00

    # Stored XSS to Account Takeover via Model Profile Images in Open WebUI **Affected:** Open WebUI <= 0.9.5 **Bypass of:** GHSA-3wgj-c2hg-vm6q, GHSA-3856-3vxq-m6fc --- ## TL;DR Open WebUI patched SVG XSS in user profile images and webhook profile images but forgot to apply…

  • CVE-2026-54012higJun 17, 2026
    risk 0.45cvss epss 0.00

    ## Summary Open WebUI lets a user who can create, update, or import workspace models store arbitrary `meta.knowledge` entries on their model without checking whether they own or can read the referenced files. Open WebUI then treats `meta.knowledge` entries of type `file` as an…

  • CVE-2026-54011higJun 17, 2026
    risk 0.45cvss epss 0.00

    ## Summary Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using `innerHTML`. Because Mermaid is configured with `securityLevel: 'loose'`, attacker-controlled Mermaid content can be rendered unsafely in…

  • CVE-2026-54010higJun 17, 2026
    risk 0.38cvss epss 0.00

    ## Summary Open WebUI `v0.9.5` lets an authenticated user attach arbitrary `file_id` values to their own chat message without checking whether they own or can read those files. If the attacker then shares that chat and grants themselves read access, `has_access_to_file()`…

  • CVE-2026-54008higJun 17, 2026
    risk 0.38cvss epss 0.00

    ## Summary `backend/open_webui/utils/oauth.py::_process_picture_url` (v0.9.5, lines 1435-1470) calls `validate_url(picture_url)` on the initial URL only, then invokes `aiohttp.ClientSession.get(picture_url, ...)` without `allow_redirects=False`. aiohttp's default is…

  • CVE-2026-54007higJun 17, 2026
    risk 0.45cvss epss 0.00

    ### Summary The chat message listener allows non-same-origin `input:prompt` and `action:submit` messages, so an external site can set prompt text and trigger `submitPrompt()` in an authenticated victim session. I validated this with a cross-origin attacker page that auto-posted…

  • CVE-2026-54328higJun 17, 2026
    risk 0.39cvss epss 0.00

    # Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a…

  • CVE-2026-26231higJun 16, 2026
    risk 0.38cvss epss

    ## Summary Any authenticated low-privilege user with read access to a repository can push arbitrary commits directly to that repository, bypassing all write-access checks. ## Vulnerability Gitea's "Allow edits from maintainers" PR option can be abused via reverse-fork PRs: …

  • CVE-2026-28699higJun 16, 2026
    risk 0.38cvss epss

    ### Summary Gitea fails to enforce OAuth2 access token scopes when the token is submitted via HTTP Basic authentication instead of a Bearer token. An OAuth2 application granted only `read:user` can use the same token as `Authorization: Basic base64(:x-oauth-basic)` and…

  • CVE-2026-52797higJun 16, 2026
    risk 0.38cvss epss 0.00

    **Vulnerability type:** Path Traversal **Impact:** DoS **Exploitation prerequisite:** authorized user **Description:** As an authorized user, an intruder can dictate the value which is passed to the `git diff` command which, together with bypassing the filtering of the passed…

  • CVE-2026-28744higJun 16, 2026
    risk 0.38cvss epss

    ### Summary Gitea v1.26.1 enforces repository-scoped access-token permissions on repository operations. In the Git Smart HTTP path, however, this check runs only when the token is presented via HTTP Basic authentication — `CheckRepoScopedToken()` returns early unless…

  • CVE-2026-54304higJun 16, 2026
    risk 0.38cvss epss 0.00

    ## Impact An authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached…

  • CVE-2026-54309higJun 16, 2026
    risk 0.45cvss epss 0.00

    ## Impact When `@n8n/mcp-browser` is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the user, can establish an MCP session and invoke…

  • CVE-2026-54305higJun 16, 2026
    risk 0.38cvss epss 0.00

    ## Impact Three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing…

  • CVE-2026-54307higJun 16, 2026
    risk 0.38cvss epss 0.00

    ## Impact A member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to cross-user credential access. This issue affects instances…

  • CVE-2026-54302higJun 16, 2026
    risk 0.38cvss epss 0.00

    ## Impact An authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious `webhookId`. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's…

  • CVE-2026-54312higJun 16, 2026
    risk 0.45cvss epss 0.00

    ## Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes `Object.prototype` process-wide for the lifetime of the n8n server…

  • CVE-2026-54322higJun 16, 2026
    risk 0.38cvss epss 0.00

    ### Summary Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the target role by its identifier alone, without verifying the role belonged to that organization. An…

  • CVE-2026-52845higJun 16, 2026
    risk 0.38cvss epss 0.00

    ### Summary `forward_auth copy_headers` deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through `php_fastcgi`, Caddy normalizes HTTP headers into CGI variables by replacing `-` with `_`. …

  • CVE-2026-52844higJun 16, 2026
    risk 0.38cvss epss 0.00

    ### Summary On Windows, Caddy `path` matchers treat `/private\secret.txt` as outside `/private/*`, but `file_server` later resolves the same request path as `private\secret.txt` on disk. An unauthenticated remote client can request `/private%5csecret.txt` and bypass Caddy…

  • CVE-2026-50574higJun 16, 2026
    risk 0.39cvss epss 0.00

    ### Summary If aria2c is used as an external downloader for a fragmented manifest format (such as an HLS/DASH stream), yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windows platforms, this can lead to…

  • CVE-2026-54321higJun 16, 2026
    risk 0.38cvss epss 0.00

    ### Summary Sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed. ### Impact When a sandbox…

  • CVE-2026-53622higJun 16, 2026
    risk 0.38cvss epss 0.00

    ## Summary There is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake selects the applicable TLS…

  • CVE-2026-53755higJun 16, 2026
    risk 0.38cvss epss 0.00

    ### Summary The Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and…

  • CVE-2026-53754higJun 16, 2026
    risk 0.38cvss epss 0.00

    ### Summary The Docker API server's SSRF protection (`validate_webhook_url` / `validate_url_destination` in `deploy/docker/utils.py`) used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata…

  • CVE-2026-50023higJun 16, 2026
    risk 0.39cvss epss 0.01

    ### Summary A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such as `.desktop`, `.url`, `.webloc`) to the user's filesystem, bypassing the remediation for `CVE-2024-38519`. ### Details The fix for `CVE-2024-38519` enforced…

  • CVE-2026-47750HigJun 16, 2026
    risk 0.44cvss 7.8epss 0.00

    stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in…

  • CVE-2026-47747HigJun 16, 2026
    risk 0.44cvss 7.8epss 0.00

    stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in…

  • CVE-2026-22312HigJun 16, 2026
    risk 0.56cvss 8.6epss 0.00

    The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).

  • CVE-2026-10303HigJun 16, 2026
    risk 0.41cvss 7.4epss 0.01

    In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An…

  • CVE-2026-53866HigJun 16, 2026
    risk 0.46cvss 8.1epss 0.00

    OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parser case missing the expected…

  • CVE-2026-53865HigJun 16, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute unintended local executables from operator-unintended paths during maintenance…

  • CVE-2026-53864HigJun 16, 2026
    risk 0.46cvss 8.1epss 0.00

    OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can…

  • CVE-2026-53863HigJun 16, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could trigger incorrect group-policy decisions for tool invocations, potentially…

  • CVE-2026-53858HigJun 16, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATE_DIRECTORY variable to load runtime dependencies from unintended local…

  • CVE-2026-53857HigJun 16, 2026
    risk 0.46cvss 8.1epss 0.00

    OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match allowFrom policy entries through display name changes. Attackers with mutable display names could receive agent responses intended for different…

  • CVE-2026-53855HigJun 16, 2026
    risk 0.46cvss 8.1epss 0.00

    OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters. Attackers can combine allowlisted tools with shell positional arguments to place inline-eval content in shell…

  • CVE-2026-53853HigJun 16, 2026
    risk 0.47cvss 8.3epss 0.00

    OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by directly…

  • CVE-2026-53849HigJun 16, 2026
    risk 0.46cvss 8.1epss 0.00

    OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity using mutable display names instead of immutable user IDs. Attackers with Discord accounts can change their display name to match a…

  • CVE-2026-53846HigJun 16, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local…

  • CVE-2026-53843HigJun 16, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval,…

  • CVE-2026-53842HigJun 16, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDK_PYTHON during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDK_PYTHON…

  • CVE-2026-53840HigJun 16, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an MCP endpoint can redirect requests to exfiltrate…

  • CVE-2026-50656HigJun 16, 2026
    risk 0.51cvss 7.8epss 0.03

    Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that addresses this vulnerability. We will provide…

  • CVE-2026-47964HigJun 16, 2026
    risk 0.51cvss 7.8epss 0.00

    DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-47749HigJun 16, 2026
    risk 0.44cvss 7.8epss 0.00

    stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files.…

  • CVE-2026-10748HigJun 16, 2026
    risk 0.56cvss epss 0.00

    An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.

  • CVE-2024-39575HigJun 16, 2026
    risk 0.48cvss 7.4epss 0.00

    update_disk_psu_baseline.sh requires password in plain text