Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 10+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
Clear filters
Medium
Blind SSRF in Image Edit Functionality (CVE-2026-3425)
CVE-2026-3425 · github.com · 2026-04-18
open-webui <= 0.7.2
Read more
High
Open WebUI v0.8.11 Security Patch Summary: SSRF, Bypass, Session Fixation
github.com · 2026-04-02
Open WebUI < 0.8.11
Read more
High
Open WebUI Tool Valves Broken Access Control (CVE-2025-14222)
CVE-2025-14222 · github.com · 2026-04-02
Open WebUI < 0.8.11
Read more
High
open-webui Stored XSS via iFrame Sandbox Bypass (CVE-2026-26193)
CVE-2026-26193 · github.com · 2026-02-21
open-webui <= 0.6.43
Read more
High
CVE-2026-26192 Stored XSS via Unsafe iFrame Implementation
CVE-2026-26192 · github.com · 2026-02-21
open-webui <=0.6.43
Read more
High
Open-WebUI Stored XSS Vulnerability (CVE-2025-65959) Analysis and Fix
CVE-2025-65959 · github.com · 2025-12-05
open-webui <=0.6.36
Read more
High
CVE-2025-65958 SSRF Vulnerability Analysis and PoC
CVE-2025-65958 · github.com · 2025-12-05
open-webui <=0.6.36
Read more
High
Open WebUI CVE-2025-64495 Stored DOM XSS Leading to RCE
CVE-2025-64495 · github.com · 2025-11-09
open-webui <= 0.6.34
Read more
OpenWebUI 0.6.5 Stored XSS and RCE Vulnerability (CVE-2023-46719) Analysis
github.com · 2025-05-07

### Key Information #### Vulnerability Overview - **Vulnerability Type**: Stored XSS and RCE - **Affected Version**: 0.6.5 - **CVE ID**: CVE-2023-46719 - **Severity**: High #### Stored XSS - **Descrip…

Read more
CVE-2025-46571: Stored XSS via Uploaded HTML File Analysis
github.com · 2025-05-07

### Key Information #### Vulnerability Type - **Limited stored XSS via uploaded HTML file** #### Affected Versions - **Affected versions**: 0.6.5 - **Patched versions**: None #### Vulnerability Descri…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.