Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

289 New today
64,988 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
56
Jun 24
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.4 CVE-2026-54015

Open WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletion_CVE-2026-54015

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-hist...

open-webui open-webui < 0.9.6 CVE
MEDIUM 4.3 CVE-2026-54014

Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui_CVE-2026-54014

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability e...

open-webui open-webui < 0.9.6 CVE
HIGH 7.6 CVE-2026-54013

Open WebUI: Stored XSS to Account Takeover via Model Profile Images in Open WebUI_CVE-2026-54013

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in us...

open-webui open-webui < 0.9.6 CVE
HIGH 7.1 CVE-2026-54012

Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion_CVE-2026-54012

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can c...

open-webui open-webui < 0.9.6 CVE
HIGH 8.7 CVE-2026-54011

Open WebUI: Stored XSS in Mermaid Markdown Preview_CVE-2026-54011

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks...

open-webui open-webui < 0.9.6 CVE
HIGH 8.3 CVE-2026-54010

Open WebUI: Forged chat-file link allows cross-user file read and deletion_CVE-2026-54010

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated...

open-webui open-webui < 0.9.6 CVE
MEDIUM 6.5 CVE-2026-54009

Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field_CVE-2026-54009

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accep...

open-webui open-webui < 0.9.6 CVE
HIGH 8.5 CVE-2026-54008

Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url`_CVE-2026-54008

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/open_webui/utils/oauth.p...

open-webui open-webui < 0.9.6 CVE
HIGH 7.1 CVE-2026-54007

Open WebUI: Cross-origin postMessage confirmation bypass via action:submit_CVE-2026-54007

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows...

open-webui open-webui < 0.9.6 CVE