Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model

Picklescan is vulnerable to RCE via missing detection when calling

llama-index-core insecurely handles temporary files

Open WebUI's process_files_batch() endpoint missing ownership check

Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base

Open WebUI: Redis Cache Keys tool_servers and terminal_servers

vLLM is an inference and serving engine for large language