Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,884
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 4,221 - 4,240 of 38,432 CVEs
CVE-2026-54010 HIGH - 8.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary file_id values to their own chat message without checking whether they own or can read those files. If the attacker then shares th...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54009 MEDIUM - 6.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an image_url.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the globa...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54008 HIGH - 8.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/open_webui/utils/oauth.py::_process_picture_url calls validate_url(picture_url) on the initial URL only, then invokes aiohttp.ClientSession.get(picture_url, ...) without allow_r...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54007 HIGH - 6.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows non-same-origin input:prompt and action:submit messages, so an external site can set prompt text and trigger submitPrompt() in an authenticated victim s...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54006 MEDIUM - 4.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/{event_id}/update validates that the caller has write access to the calendar the event currently belongs to, but does not validate the destination calendar...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-import endpoint axiosRequestMake could be used as a generic HTTP proxy. Before the fix it was reachable unauthenticated, and its URL-extension allowlist was a regex tested against the full URL string, so U...

Vendor: npm
Product: nocodb
Published: Jun 17, 2026
Source: GitHub

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse (file:, ftp:, etc.) and probing of internal HTTP destinati...

Vendor: npm
Product: nocodb
Published: Jun 17, 2026
Source: GitHub

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NC_SECURE_ATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. The signed attachment handler store...

Vendor: npm
Product: nocodb
Published: Jun 17, 2026
Source: GitHub

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordFo...

Vendor: npm
Product: nocodb
Published: Jun 17, 2026
Source: GitHub

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch endpoint (axiosRequestMake) accepted URLs whose path contained a permitted extension anywhere in the string, and applied a hand-rolled regex blocklist that omitted 127.0.0.0/8 and 169.254.0.0/16, all...

Vendor: npm
Product: nocodb
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54233 MEDIUM - 6.5

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to ~14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23...

Vendor: pip
Product: vllm
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54236 MEDIUM - 5.3

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitize_message helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo s...

Vendor: pip
Product: vllm
Published: Jun 17, 2026
Source: GitHub
CVE-2026-53923 MEDIUM - 7.5

vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf/gguf_kernel.cu) causes partial tensor processing. The output tensor is allocated at full size v...

Vendor: pip
Product: vllm
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54235 MEDIUM - 6.5

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every gu...

Vendor: pip
Product: vllm
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54761 MEDIUM - 7.1

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple (WRR) backendRefs, Traefik evaluates the allo...

Vendor: go
Product: github.com/traefik/traefik/v3
Published: Jun 17, 2026
Source: GitHub
CVE-2026-53765 MEDIUM - 6.1

Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync() to a deterministic runtime path. On typical macOS environments, and on Linux sessions...

Vendor: npm
Product: chrome-devtools-mcp
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54325 MEDIUM - 4.4

Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules load...

Vendor: npm
Product: @earendil-works/pi-coding-agent
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54328 HIGH - 7.3

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary directo...

Vendor: npm
Product: @earendil-works/pi-coding-agent
Published: Jun 17, 2026
Source: GitHub

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before tightening the file to owner-only permiss...

Vendor: npm
Product: @mariozechner/pi-coding-agent
Published: Jun 17, 2026
Source: GitHub
CVE-2026-9690 HIGH - 7.5

Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.

Published: Jun 17, 2026
Source: NVD