Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

227 New today
64,835 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
197
Jun 23
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-54012

Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion_CVE-2026-54012

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can c...

open-webui open-webui < 0.9.6 CVE
HIGH 8.7 CVE-2026-54011

Open WebUI: Stored XSS in Mermaid Markdown Preview_CVE-2026-54011

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks...

open-webui open-webui < 0.9.6 CVE
HIGH 8.3 CVE-2026-54010

Open WebUI: Forged chat-file link allows cross-user file read and deletion_CVE-2026-54010

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated...

open-webui open-webui < 0.9.6 CVE
MEDIUM 6.5 CVE-2026-54009

Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field_CVE-2026-54009

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accep...

open-webui open-webui < 0.9.6 CVE
HIGH 8.5 CVE-2026-54008

Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url`_CVE-2026-54008

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/open_webui/utils/oauth.p...

open-webui open-webui < 0.9.6 CVE
HIGH 7.1 CVE-2026-54007

Open WebUI: Cross-origin postMessage confirmation bypass via action:submit_CVE-2026-54007

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows...

open-webui open-webui < 0.9.6 CVE
MEDIUM 4.3 CVE-2026-54006

Open WebUI: Calendar event re-parenting allows writing events into another user’s calendar_CVE-2026-54006

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/{e...

open-webui open-webui < 0.9.6 CVE
MEDIUM 5.3 CVE-2026-50221

CVE-2026-50221_CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-De...

OpenStack Swift 2.0.0 CVE
MEDIUM 5.2 CVE-2026-49983

Deno: process.loadEnvFile() bypasses env permission checks and mutates process.env with only read access_CVE-2026-49983

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with ...

denoland deno < 2.8.1 CVE