Lucene search
+L

4 matches found

nvd
nvd
added 2026/07/09 5:17 p.m.8 views

CVE-2026-59213

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

5CVSS0.00273EPSS
Exploits1References4
euvd
euvd
added 2026/07/09 4:55 p.m.7 views

EUVD-2026-42629

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

3.5CVSS6AI score0.00273EPSS
Exploits1References4
cvelist
cvelist
added 2026/05/05 12:40 p.m.47 views

CVE-2026-30246 github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

6.5CVSS0.00251EPSS
Exploits1References3
nvd
nvd
added 2026/02/26 11:16 p.m.14 views

CVE-2026-27838

wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling self.getobject. In versions up to and including 2.4, ache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API...

3.5CVSS0.00245EPSS
Exploits1References2
Rows per page
Query Builder