#patchstack β Public Fediverse posts
Live and recent posts from across the Fediverse tagged #patchstack, aggregated by home.social.
-
π CVE-2026-45047 - High (7.5)
bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&request) without restricting the maximum read si...
π https://www.thehackerwire.com/vulnerability/CVE-2026-45047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-42735 - High (8.2)
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through <= 4.3.0.
π https://www.thehackerwire.com/vulnerability/CVE-2026-42735/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-42735 - High (8.2)
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through <= 4.3.0.
π https://www.thehackerwire.com/vulnerability/CVE-2026-42735/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-42735 - High (8.2)
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through <= 4.3.0.
π https://www.thehackerwire.com/vulnerability/CVE-2026-42735/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π΄ CVE-2026-42755 - Critical (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through <= 1.0.5.1.
π https://www.thehackerwire.com/vulnerability/CVE-2026-42755/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π΄ CVE-2026-42755 - Critical (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through <= 1.0.5.1.
π https://www.thehackerwire.com/vulnerability/CVE-2026-42755/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π΄ CVE-2026-42755 - Critical (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through <= 1.0.5.1.
π https://www.thehackerwire.com/vulnerability/CVE-2026-42755/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π΄ CVE-2026-42748 - Critical (9.9)
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.1.
π https://www.thehackerwire.com/vulnerability/CVE-2026-42748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π΄ CVE-2026-42748 - Critical (9.9)
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.1.
π https://www.thehackerwire.com/vulnerability/CVE-2026-42748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π΄ CVE-2026-42748 - Critical (9.9)
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.1.
π https://www.thehackerwire.com/vulnerability/CVE-2026-42748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-45301 - High (8.1)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file u...
π https://www.thehackerwire.com/vulnerability/CVE-2026-45301/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-45301 - High (8.1)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file u...
π https://www.thehackerwire.com/vulnerability/CVE-2026-45301/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-45301 - High (8.1)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file u...
π https://www.thehackerwire.com/vulnerability/CVE-2026-45301/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-44570 - High (8.3)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, resto...
π https://www.thehackerwire.com/vulnerability/CVE-2026-44570/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-44570 - High (8.3)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, resto...
π https://www.thehackerwire.com/vulnerability/CVE-2026-44570/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-44570 - High (8.3)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, resto...
π https://www.thehackerwire.com/vulnerability/CVE-2026-44570/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-45338 - High (7.7)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery (SSRF) vulnerability exists in _process_picture_url() in backend/open_webui/utils/oauth.py (line ~1338...
π https://www.thehackerwire.com/vulnerability/CVE-2026-45338/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-45338 - High (7.7)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery (SSRF) vulnerability exists in _process_picture_url() in backend/open_webui/utils/oauth.py (line ~1338...
π https://www.thehackerwire.com/vulnerability/CVE-2026-45338/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-45338 - High (7.7)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery (SSRF) vulnerability exists in _process_picture_url() in backend/open_webui/utils/oauth.py (line ~1338...
π https://www.thehackerwire.com/vulnerability/CVE-2026-45338/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-45315 - High (8.7)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHE_DIR/...
π https://www.thehackerwire.com/vulnerability/CVE-2026-45315/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-45315 - High (8.7)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHE_DIR/...
π https://www.thehackerwire.com/vulnerability/CVE-2026-45315/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-45315 - High (8.7)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHE_DIR/...
π https://www.thehackerwire.com/vulnerability/CVE-2026-45315/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-45665 - High (8.1)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order (specifically...
π https://www.thehackerwire.com/vulnerability/CVE-2026-45665/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-45665 - High (8.1)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order (specifically...
π https://www.thehackerwire.com/vulnerability/CVE-2026-45665/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-45665 - High (8.1)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order (specifically...
π https://www.thehackerwire.com/vulnerability/CVE-2026-45665/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8657 - High (8.2)
Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform prototype pollution by supplying crafted delta or J...
π https://www.thehackerwire.com/vulnerability/CVE-2026-8657/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8657 - High (8.2)
Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform prototype pollution by supplying crafted delta or J...
π https://www.thehackerwire.com/vulnerability/CVE-2026-8657/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8657 - High (8.2)
Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform prototype pollution by supplying crafted delta or J...
π https://www.thehackerwire.com/vulnerability/CVE-2026-8657/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8529 - High (8.8)
Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8529/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8529 - High (8.8)
Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8529/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8529 - High (8.8)
Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8529/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8527 - High (8.8)
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8527/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8527 - High (8.8)
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8527/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8527 - High (8.8)
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8527/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8526 - High (8.8)
Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8526/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8526 - High (8.8)
Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8526/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8526 - High (8.8)
Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8526/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8525 - High (8.3)
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8525/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8525 - High (8.3)
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8525/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8525 - High (8.3)
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8525/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8524 - High (8.8)
Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8524/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8524 - High (8.8)
Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8524/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8524 - High (8.8)
Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8524/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8523 - High (8.3)
Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8523/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8523 - High (8.3)
Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8523/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8523 - High (8.3)
Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8523/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8540 - High (8.8)
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8540/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8540 - High (8.8)
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8540/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8540 - High (8.8)
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π https://www.thehackerwire.com/vulnerability/CVE-2026-8540/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-8534 - High (8.3)
Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:...
π https://www.thehackerwire.com/vulnerability/CVE-2026-8534/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack