| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-35487 | text-generation-webui has a Path Traversal in load_prompt() — .txt file read without authentication | oobabooga | text-generation-webui | Medium | 5.3 | 2026-04-07 14:50:25 | Deep Dive |
| CVE-2026-35486 | text-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validation | oobabooga | text-generation-webui | High | 7.5 | 2026-04-07 14:49:38 | Deep Dive |
| CVE-2026-35485 | text-generation-webui has a Path Traversal in load_grammar() — arbitrary file read without authentication | oobabooga | text-generation-webui | High | 7.5 | 2026-04-07 14:47:38 | Deep Dive |
| CVE-2026-35484 | text-generation-webui has a Path Traversal in load_preset() — .yaml file read without authentication | oobabooga | text-generation-webui | Medium | 5.3 | 2026-04-07 14:46:42 | Deep Dive |
| CVE-2026-35483 | text-generation-webui has a Path Traversal in load_template() — .jinja/.yaml/.yml file read without authentication | oobabooga | text-generation-webui | Medium | 5.3 | 2026-04-07 14:45:07 | Deep Dive |
| CVE-2026-35050 | text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at "Session -> Save extention settings to user_data/settings.yaml". | oobabooga | text-generation-webui | Critical | 9.1 | 2026-04-06 17:30:21 | Deep Dive |
| CVE-2025-12487 | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability | oobabooga | text-generation-webui | 超危 | - | 2025-11-06 20:12:07 | Deep Dive |
| CVE-2025-12488 | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability | oobabooga | text-generation-webui | 超危 | - | 2025-11-06 20:11:52 | Deep Dive |
| CVE-2025-62364 | text-generation-webui allows arbitrary file read via symbolic link upload | oobabooga | text-generation-webui | Medium | 6.2 | 2025-10-13 20:30:56 | Deep Dive |