CVE Analysis Index
5155 curated vulnerability analyses with independent analyst commentary. Each entry includes an executive summary, technical breakdown, business impact, and remediation guidance.
Recent analyses
- CVE-2026-44553 (Open WebUI): A security vulnerability has been identified in the Open WebUI platform, an AI interface designed for self-hosted, offline environments.
- CVE-2026-44570 (Open WebUI): A security vulnerability has been identified in the Open WebUI platform, an AI interface designed for self-hosted, offline environments.
- CVE-2026-45331 (Open WebUI): A security vulnerability has been identified in the Open WebUI platform, an AI interface designed for self-hosted, offline environments.
- CVE-2026-45400 (Open WebUI): A security vulnerability has been identified in the Open WebUI platform, an AI interface designed for self-hosted, offline environments.
- CVE-2026-45401 (Open WebUI): A security vulnerability has been identified in the Open WebUI platform, an AI interface designed for self-hosted, offline environments.
- CVE-2021-47965 (WordPress): The WP Super Edit plugin for WordPress contains an unrestricted file upload vulnerability in the FCKeditor component, enabling remote code execution.
- CVE-2026-44552 (Open WebUI): A vulnerability exists in Open WebUI that may allow for unauthorized access or system impact.
- CVE-2026-45010 (phpMyFAQ): phpMyFAQ lacks rate limiting on its TOTP authentication endpoint, allowing unauthenticated attackers to brute-force two-factor authentication tokens.
- CVE-2026-45315 (Open WebUI): A vulnerability exists in Open WebUI that may allow for unauthorized access or system impact.
- CVE-2026-45672 (Open WebUI): A vulnerability exists in Open WebUI that may allow for unauthorized access or system impact.
- CVE-2026-46364 (phpMyFAQ): phpMyFAQ contains an unauthenticated SQL injection vulnerability in its captcha handling methods, allowing attackers to extract sensitive database information.
- CVE-2026-41258 (OpenMRS): OpenMRS Core fails to properly sandbox Apache Velocity templates, allowing authenticated users with specific privileges to achieve arbitrary Java reflection and code execution.
- CVE-2026-42897 (Microsoft): A cross-site scripting (XSS) vulnerability in Microsoft Exchange Server allows unauthenticated attackers to perform spoofing over a network.
- CVE-2026-44551 (Open WebUI): The LDAP authentication endpoint in Open WebUI fails to validate non-empty passwords, allowing unauthenticated attackers to bypass authentication and obtain session tokens.
- CVE-2026-44717 (MCP): The MCP Calculate Server utilizes the unsafe eval() function to process mathematical expressions, allowing unauthenticated remote code execution.
- CVE-2026-8519 (Google): An integer overflow in the ANGLE graphics engine of Google Chrome on Windows allows for memory corruption and potential code execution.
- CVE-2026-8524 (Google): An out-of-bounds write vulnerability in the WebAudio component of Google Chrome may lead to memory corruption and arbitrary code execution.
- CVE-2026-8517 (Google): An object lifecycle issue in the WebShare component of Google Chrome on Mac allows for potential memory corruption and code execution.
- CVE-2026-8574 (Google): A use-after-free vulnerability in the Core component of Google Chrome on Windows allows for potential arbitrary code execution.
- CVE-2026-8575 (Google): A use-after-free vulnerability exists in the UI component of Google Chrome, potentially allowing for arbitrary code execution.
- CVE-2026-8542 (Google): A use-after-free vulnerability in the Core component of Google Chrome on Windows could lead to arbitrary code execution.
- CVE-2026-8515 (Google): A use-after-free vulnerability in the HID (Human Interface Device) component of Google Chrome may allow for arbitrary code execution.
- CVE-2026-8523 (Google): A use-after-free vulnerability in the Mojo IPC component of Google Chrome may lead to memory corruption and arbitrary code execution.
- CVE-2026-8525 (Google): A heap buffer overflow in the ANGLE graphics library component of Google Chrome on macOS could lead to arbitrary code execution.
- CVE-2026-8530 (Google): A use-after-free vulnerability in the Network component of Google Chrome on Windows may lead to arbitrary code execution.
- CVE-2026-8533 (Google): A use-after-free vulnerability in the Accessibility component of Google Chrome may lead to memory corruption and arbitrary code execution.
- CVE-2026-8512 (Google): A use-after-free vulnerability in the FileSystem component of Google Chrome may lead to memory corruption and arbitrary code execution.
- CVE-2026-8513 (Google): A use-after-free vulnerability in the Input handling component of Google Chrome on Android may allow for memory corruption.
- CVE-2026-8514 (Google): A use-after-free vulnerability in the Aura component of Google Chrome may lead to memory corruption and potential arbitrary code execution.
- CVE-2026-8587 (Google): A use-after-free vulnerability exists within the Extensions component of Google Chrome on macOS, potentially allowing for arbitrary code execution.
Looking for a specific CVE? The full searchable database has filters by vendor, severity, CISA KEV status, and free-text search.