Lucene search
K

268 matches found

EUVD
EUVD
added 2026/05/15 9:44 p.m.19 views

EUVD-2026-30661

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profileimageurl field on the user profile update form accepted arbitrary data: URI values without MIME-type validation, resulting in a XSS vulnerability. This vulnerability is...

5.4CVSS5.9AI score0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 9:29 p.m.8 views

CVE-2026-45317 Open WebUI: Cross-Site Request Forgery (CSRF) via Image URL Manipulation

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery CSRF vulnerability was found Open-WebUl's image uploading functionality. An attacker can set an image URL to a malicious endpoint,...

4.6CVSS5.8AI score0.00165EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 9:29 p.m.43 views

CVE-2026-45317 Open WebUI: Cross-Site Request Forgery (CSRF) via Image URL Manipulation

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery CSRF vulnerability was found Open-WebUl's image uploading functionality. An attacker can set an image URL to a malicious endpoint,...

4.6CVSS0.00165EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 9:29 p.m.18 views

EUVD-2026-30658

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery CSRF vulnerability was found Open-WebUl's image uploading functionality. An attacker can set an image URL to a malicious endpoint,...

4.6CVSS5.8AI score0.00165EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.0 had a cross-site scripting vulnerability. This vulnerability stemmed from the profileimageurl field in the user profile update form accepting arbitrary data: URI...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.3 contained a security vulnerability. This vulnerability stemmed from the channel webhook creation/update process accepting arbitrary profileimageurl values,...

7.4CVSS6AI score0.00212EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/14 8:18 p.m.12 views

Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) via Image URL Manipulation

Summary An application-wide Cross-Site Request Forgery CSRF vulnerability was found Open-WebUl's image uploading functionality. An attacker can set an image URL to a malicious endpoint, allowing them to perform actions on behalf of a victim user. Any authenticated user can exploit this...

4.6CVSS5.8AI score0.00165EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/14 8:18 p.m.6 views

GHSA-J6W6-986J-2M2M Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) via Image URL Manipulation

Summary An application-wide Cross-Site Request Forgery CSRF vulnerability was found Open-WebUl's image uploading functionality. An attacker can set an image URL to a malicious endpoint, allowing them to perform actions on behalf of a victim user. Any authenticated user can exploit this...

4.6CVSS5.8AI score0.00165EPSS
Exploits1References4
OSV
OSV
added 2026/05/14 8:15 p.m.3 views

GHSA-6GH2-Q7CP-9QF6 Open WebUI has Stored Cross-Site Scripting In Profile Picture

Summary The profileimageurl field on the user profile update form accepted arbitrary data: URI values without MIME-type validation. Two distinct attack paths were independently demonstrated by separate reporters: 1. data:text/html;base64,... in a new browser tab raresvis, 2025-04-17 — when a vict...

5.4CVSS6AI score0.00199EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

FluentCMS 跨站脚本漏洞

FluentCMS is an open-source content management system developed by FluentCMS. Version 1.2.3 of FluentCMS has a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site script in the file management module. It allows authenticated administrators to upload...

5.4CVSS5.6AI score0.00138EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 12:0 a.m.13 views

CVE-2025-70842

FluentCMS 1.2.3 is affected in its File Management module by a Stored XSS vulnerability. An authenticated administrator can upload crafted SVG files containing malicious JavaScript, and the injected script executes in the browser of any user who accesses the direct URL to the image, including una...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 10:21 p.m.68 views

CVE-2026-42339 New API: SSRF Filter Bypass via 0.0.0.0

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular...

7.1CVSS0.00258EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.15 views

PT-2026-38265

Name of the Vulnerable Software and Affected Versions New API versions 0.11.9-alpha.1 and earlier Description New API, a large language model LLM gateway and artificial intelligence AI asset management system, contains a Server-Side Request Forgery SSRF flaw. This issue occurs due to insufficient...

7.1CVSS5.8AI score0.00258EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.7 views

CVE-2026-7653

A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...

6.5CVSS6.3AI score0.01294EPSS
Exploits0References1
CVE
CVE
added 2026/04/27 7:0 p.m.15 views

CVE-2026-7150

The CVE-2026-7150 entry concerns dh1011 auto-favicon (MCP Tool) where the function generate_favicon_from_url in src/auto_favicon/server.py is affected. Manipulating the image_url argument enables server-side request forgery, with remote exploitation reportedly possible and the exploit publicly av...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/27 7:0 p.m.3 views

CVE-2026-7150 dh1011 auto-favicon MCP Tool server.py generate_favicon_from_url server-side request forgery

A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generatefaviconfromurl of the file src/autofavicon/server.py of the component MCP Tool. The manipulation of the argument imageurl results in server-side request forgery...

6.5CVSS6AI score0.00201EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.12 views

Auto Favicon MCP Server 代码问题漏洞

The Auto Favicon MCP Server is a tool developed by Yuey, a personal developer, for automatically generating website icons. The Auto Favicon MCP Server f189116a9259950c2393f114dbcb94dde0ad864b and previous versions have code vulnerabilities. These vulnerabilities stem from improper handling of the...

6.5CVSS6.7AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 9:31 a.m.5 views

EUVD-2026-24672

The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page wpoadminpage.php lacking nonce generation wpnoncefield and verification wpverifynonce/checkadminreferer. Thi...

6.1CVSS5.7AI score0.00181EPSS
Exploits0References12
NVD
NVD
added 2026/04/22 9:16 a.m.4 views

CVE-2026-4131

The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page wpoadminpage.php lacking nonce generation wpnoncefield and verification wpverifynonce/checkadminreferer. Thi...

6.1CVSS0.00181EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.28 views

CVE-2026-4131 WP Responsive Popup + Optin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpo_image_url' Parameter

The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page wpoadminpage.php lacking nonce generation wpnoncefield and verification wpverifynonce/checkadminreferer. Thi...

6.1CVSS0.00181EPSS
Exploits0References11
Rows per page
Query Builder