Vulnerability Research
[!] Original security research and CVE discoveries. Password protected.

CVE RESEARCH
Open WebUI - Remote Code Execution via Plugin System
Severity: Critical
Product: Open WebUI
CVSS: 9.8
CWE-94
Arbitrary Python code execution through malicious Tool/Function plugins

CVE RESEARCH
n8n Workflow Automation - Command Injection
Severity: Critical
Product: n8n
CVSS: 9.8
CWE-78
OS command injection via Execute Command node using child_process.exec()

CVE RESEARCH
Glance Dashboard - Server-Side Request Forgery
Severity: High
Product: Glance Dashboard
CVSS: 7.5
CWE-918
SSRF in Extension and Custom API widgets allows access to internal services and cloud metadata

[NOTICE] All research is conducted ethically and disclosed responsibly. Exploits are provided for educational and authorized testing purposes only.