Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,318
Quick preset (or use dates below)
Clear Filters
Showing 14,421 - 14,425 of 14,425 CVEs

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be execute...

Vendor: pip
Product: open-webui
Published: May 05, 2025
Source: NVD
CVE-2025-23368 HIGH - 8.1

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.

Vendor: maven
Product: org.wildfly.core:wildfly-elytron-integration
Published: Mar 04, 2025
Source: NVD
CVE-2024-49048 HIGH - 8.1

TorchGeo Remote Code Execution Vulnerability

Vendor: pip
Product: torchgeo
Published: Nov 12, 2024
Source: NVD
CVE-2024-27355 HIGH - 7.5

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).

Vendor: composer
Product: phpseclib/phpseclib
Published: Mar 01, 2024
Source: NVD
CVE-2024-27354 HIGH - 7.5

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when ...

Vendor: composer
Product: phpseclib/phpseclib
Published: Mar 01, 2024
Source: NVD