Lucene search
+L

351 matches found

attackerkb
attackerkb
added last week11 views

CVE-2026-59225

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...

5.4CVSS6AI score0.00211EPSS
Exploits0References5Affected Software1
euvd
euvd
added last week8 views

EUVD-2026-42639

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...

5.4CVSS6AI score0.00211EPSS
Exploits0References4
osv
osv
added last week3 views

CVE-2026-59217 Open WebUI: Upload `metadata.knowledge_id` bypasses the knowledge-base write-access check (read-only users can add files to KB)

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the file upload path accepted metadata.knowledgeid and auto-linked uploaded files to a target knowledge base without applying the write-access check used by /api/v1/knowledge//file/add, allowing...

4.3CVSS6.2AI score0.00272EPSS
Exploits1References6
osv
osv
added 2026/07/07 7:16 p.m.5 views

CVE-2026-48956

An improper access check allows users to display a list of modules in the frontend...

5CVSS6.1AI score
Exploits0References1
osv
osv
added 2026/07/07 7:16 p.m.2 views

CVE-2026-48955

An improper access check allows unauthorized users to access workflow stage and transition information...

6.5CVSS6.1AI score
Exploits0References1
nvd
nvd
added 2026/07/07 7:16 p.m.12 views

CVE-2026-48955

An improper access check allows unauthorized users to access workflow stage and transition information...

6.5CVSS0.00208EPSS
Exploits0References1
nvd
nvd
added 2026/07/07 7:16 p.m.11 views

CVE-2026-48957

An improper access check allows unauthorized users to access comprivacy datasets...

8.8CVSS0.0024EPSS
Exploits0References1
nvd
nvd
added 2026/07/07 7:16 p.m.10 views

CVE-2026-48956

An improper access check allows users to display a list of modules in the frontend...

6.4CVSS0.00168EPSS
Exploits0References1
osv
osv
added 2026/07/07 7:16 p.m.3 views

CVE-2026-48948

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

8.8CVSS6.1AI score
Exploits0References1
osv
osv
added 2026/07/07 7:16 p.m.2 views

CVE-2026-48947

An improper access check allows privileged users to overwrite media files without editing permissions...

4.9CVSS6.1AI score
Exploits0References1
nvd
nvd
added 2026/07/07 7:16 p.m.9 views

CVE-2026-48948

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

8.8CVSS0.0024EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/07 5:32 p.m.8 views

CVE-2026-48947

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/07/07 5:32 p.m.7 views

EUVD-2026-42069

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References1
euvd
euvd
added 2026/07/07 5:32 p.m.6 views

EUVD-2026-42068

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

6.4CVSS6AI score0.00262EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/07 5:31 p.m.35 views

CVE-2026-48955 Joomla! Core - [20260709] - Incorrect Access Control in com_workflow

An improper access check allows unauthorized users to access workflow stage and transition information...

6.4CVSS0.00208EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/07 5:31 p.m.6 views

CVE-2026-48955

An improper access check allows unauthorized users to access workflow stage and transition information...

6.4CVSS6AI score0.00208EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/07 5:31 p.m.8 views

CVE-2026-48956

An improper access check allows users to display a list of modules in the frontend...

6.4CVSS6AI score0.00168EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/07/07 5:31 p.m.6 views

EUVD-2026-42065

An improper access check allows users to display a list of modules in the frontend...

6.4CVSS6AI score0.00168EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/07 5:30 p.m.6 views

CVE-2026-48957

An improper access check allows unauthorized users to access comprivacy datasets...

6.4CVSS6AI score0.0024EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/07/07 5:30 p.m.6 views

EUVD-2026-42064

An improper access check allows unauthorized users to access comprivacy datasets...

6.4CVSS6AI score0.0024EPSS
Exploits0References1
Rows per page
Query Builder