Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account.
Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5.
Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1.
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9.
Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0.
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion
Open WebUI: Sibling-Prefix Path Traversal via /cache/{path}
Open WebUI: Stored XSS to Account Takeover via Model Profile Images
Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion
Open WebUI: Stored XSS in Mermaid Markdown Preview
Open WebUI: Forged chat-file link allows cross-user file read and deletion
Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field
Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling of CVE-2026-45401)
Open WebUI: Cross-origin postMessage confirmation bypass via action:submit