Lucene search
K

41 matches found

NVD
NVD
added 5 days ago11 views

CVE-2026-59226

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, executeautomation rehydrated automation owners without rechecking that they were still active or still had features.automations, and checkmodelaccess only enforced private-model grants...

4.3CVSS0.00303EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42620

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, executeautomation rehydrated automation owners without rechecking that they were still active or still had features.automations, and checkmodelaccess only enforced private-model grants...

3.1CVSS6AI score0.00303EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59226

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, executeautomation rehydrated automation owners without rechecking that they were still active or still had features.automations, and checkmodelaccess only enforced private-model grants...

3.1CVSS6AI score0.00303EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56830

Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.9.0 through 0.9.x Description The execute automation function rehydrated automation owners without verifying if they remained active or retained features.automations permissions. Additionally, the check model access...

4.3CVSS6.1AI score0.00303EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52095

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Rocket.Chat versions prior to 8.4.2 Rocket.Chat versions prior to 8.3.4 Rocket.Chat versions prior to 8.2.4 Rocket.Chat versions prior to 8.1.5 Rocket.Chat versions prior to 8.0.6 Rocket.Chat versions prior ...

2.3CVSS5.8AI score0.00215EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.13 views

CVE-2026-41891

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...

5.3CVSS5.3AI score0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:34 p.m.8 views

CVE-2026-44561

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the isuserchannelmember function checks whether a ChannelMember row exists but does not check the isactive field. When a user is deactivated from a group or DM channel removed by the...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/15 7:34 p.m.17 views

EUVD-2026-30619

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the isuserchannelmember function checks whether a ChannelMember row exists but does not check the isactive field. When a user is deactivated from a group or DM channel removed by the...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under the open source Open WebUI project. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the isuserchannelmember function, which checked whether the...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 3:24 a.m.7 views

CVE-2026-41891

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...

5.3CVSS5.7AI score0.00269EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 5:40 p.m.5 views

CVE-2026-30831 Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer service. The Account.login method exposed through the DDP...

9.3CVSS5.8AI score0.00333EPSS
Exploits0References1
OSV
OSV
added 2026/03/06 5:40 p.m.5 views

CVE-2026-30831 Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer service. The Account.login method exposed through the DDP...

9.3CVSS5.8AI score0.00333EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.3 views

Mattermost Server 10.11.x <= 10.11.9 / 11.0.x <= 11.2.x Improper Access Control (MMSA-2025-00549)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00549 advisory. - Mattermost versions 10.11.x = 10.11.9 and 11.0.x = 11.2.x fail to properly enforce access control checks in the common teams API. This allows the API to...

3.1CVSS5.9AI score0.00199EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/14 1:6 p.m.16 views

CVE-2026-20796

Mattermost versions 10.11.x = 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549...

3.1CVSS5.5AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2026/02/13 12:31 p.m.3 views

GHSA-2XF7-HMF6-P64J Mattermost doesn't properly validate channel membership at the time of data retrieval

Mattermost versions 10.11.x = 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549...

3.1CVSS5.5AI score0.00199EPSS
Exploits0References3
NVD
NVD
added 2026/02/13 11:16 a.m.8 views

CVE-2026-20796

Mattermost versions 10.11.x = 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549...

3.1CVSS0.00199EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/13 10:30 a.m.4 views

CVE-2026-20796

Mattermost versions 10.11.x = 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549...

3.1CVSS5.5AI score0.00199EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-5426

Malware in sbrugna...

7.5CVSS7.5AI score0.00641EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2023-0140

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00752EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-22471

Malicious code in bioql PyPI...

7.4CVSS6.3AI score0.00489EPSS
Exploits0References5
Rows per page
Query Builder