NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID Description Published Base Score Attack Vector Severity Actions
CVE-2026-54010 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated us... 2026-06-23 8.3 NETWORK HIGH NVD
CVE-2026-54009 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts ... 2026-06-23 6.5 NETWORK MEDIUM NVD
CVE-2026-54008 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/open_webui/utils/oauth.py::... 2026-06-23 8.5 NETWORK HIGH NVD
CVE-2026-54007 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows no... 2026-06-23 6.5 NETWORK MEDIUM NVD
CVE-2026-54006 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/{even... 2026-06-23 4.3 NETWORK MEDIUM NVD
CVE-2026-52846 Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML ... 2026-06-23 4.2 NETWORK MEDIUM NVD
CVE-2026-52845 Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied identity... 2026-06-23 8.1 NETWORK HIGH NVD
CVE-2026-52844 Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside... 2026-06-23 7.5 NETWORK HIGH NVD
CVE-2026-50221 In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delet... 2026-06-23 5.4 NETWORK MEDIUM NVD
CVE-2026-49983 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with --d... 2026-06-23 5.2 LOCAL MEDIUM NVD
CVE-2026-49860 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hostna... 2026-06-23 5.2 LOCAL MEDIUM NVD
CVE-2026-49859 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch() was called, Deno checked the destination hostname against --de... 2026-06-23 5.2 LOCAL MEDIUM NVD
CVE-2026-49440 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and crypto.checkPr... 2026-06-23 7.4 NETWORK HIGH NVD
CVE-2026-49411 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the origi... 2026-06-23 6.5 LOCAL MEDIUM NVD
CVE-2026-49406 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode (nodeModulesDir: "manual"), the module res... 2026-06-23 5.5 LOCAL MEDIUM NVD