219610 matches found
GHSA-V6QF-75PR-P96M Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED]
Summary An internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated user to append ?bypassfilter=true and bypass model access control checks to invoke admin-restricted models...
Open WebUI's chat completion API allows tool restrictions to be bypassed
Summary Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. Details In the chatcompletion API, the parameters toolids and toolservers are supplied by the user. These...
Open WebUI has Broken Access Control for Completions API
Summary Any user X can continue the conversation of any other user Y, as long as the Chat ID of Y is known. User X does not even need to be an admin to do so. Details A user just needs to use the API endpoint: /api/chat/completions with their own API key generated in OWUI and the Chat ID of anoth...
GHSA-GFM2-XM6C-37QC Open WebUI has Broken Access Control for Completions API
Summary Any user X can continue the conversation of any other user Y, as long as the Chat ID of Y is known. User X does not even need to be an admin to do so. Details A user just needs to use the API endpoint: /api/chat/completions with their own API key generated in OWUI and the Chat ID of anoth...
Improper Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Improper Authorization in the model update process. An attacker can modify resources belonging to other users by sending crafted requests that bypass intended access controls. Remediation Upgrade open-webui t...
Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)
Summary The POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can pin/unpin it, which is a state-modifying action that should require write permission. All other write endpoin...
CVE-2026-8586
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. Chromium security severity: Medium...
CVE-2026-8566
Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-8566
Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-8586
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. Chromium security severity: Medium...
CVE-2026-36738
U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain...
CVE-2025-28343
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons...
CVE-2025-28344
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack...
CVE-2026-8586
CVE-2026-8586 affects the Chromoting component in Google Chrome (upstream Chromium). The issue is an inappropriate implementation that allows a local attacker to bypass discretionary access control via a malicious file, with impact described as medium. Affected versions are Chrome prior to 148.0....
EUVD-2026-30408
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. Chromium security severity: Medium...
CVE-2026-8586
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. Chromium security severity: Medium...
CVE-2026-8586
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. Chromium security severity: Medium...
CVE-2026-8586
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. Chromium security severity: Medium...
CVE-2026-8566
Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-30383
Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...