Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

292 New today

64,923 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

285

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 9.3

Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow_CVE-2026-54257

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Most apps will crash and some may perform incorrect buf...

CVE-2026-54257 electron electron >= 42.3.1, < 42.3.3

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-54022	Open WebUI: Any authenticated user can read other users’ private notes via Socket.IO_CVE-2026-54022 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.I...	open-webui	open-webui < 0.8.11	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-54021	Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter_CVE-2026-54021 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed ...	open-webui	open-webui < 0.9.6	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-54019	Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode_CVE-2026-54019 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-leve...	open-webui	open-webui < 0.9.6	Jun 23, 2026	CVE
HIGH 7.7	CVE-2026-54018	Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects_CVE-2026-54018 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader impl...	open-webui	open-webui < 0.9.6	Jun 23, 2026	CVE
MEDIUM 4.3	CVE-2026-54016	Open WebUI: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration_CVE-2026-54016 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object L...	open-webui	open-webui < 0.9.6	Jun 23, 2026	CVE
MEDIUM 6.4	CVE-2026-54015	Open WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletion_CVE-2026-54015 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-hist...	open-webui	open-webui < 0.9.6	Jun 23, 2026	CVE
MEDIUM 4.3	CVE-2026-54014	Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui_CVE-2026-54014 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability e...	open-webui	open-webui < 0.9.6	Jun 23, 2026	CVE
HIGH 7.6	CVE-2026-54013	Open WebUI: Stored XSS to Account Takeover via Model Profile Images in Open WebUI_CVE-2026-54013 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in us...	open-webui	open-webui < 0.9.6	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-54012	Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion_CVE-2026-54012 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can c...	open-webui	open-webui < 0.9.6	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow_CVE-2026-54257

Recent Advisories

Open WebUI: Any authenticated user can read other users’ private notes via Socket.IO_CVE-2026-54022

Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter_CVE-2026-54021

Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode_CVE-2026-54019

Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects_CVE-2026-54018

Open WebUI: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration_CVE-2026-54016

Open WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletion_CVE-2026-54015

Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui_CVE-2026-54014

Open WebUI: Stored XSS to Account Takeover via Model Profile Images in Open WebUI_CVE-2026-54013

Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion_CVE-2026-54012

Protect Your Attack Surface with RedGem

Security Intelligence
Feed