3 matches found
PT-2026-50481
Name of the Vulnerable Software and Affected Versions Open-webui affected versions not specified Description An authenticated user can access files belonging to other users by exploiting a lack of ownership verification in the image processing path. When the POST endpoint "/api/chat/completions"...
GHSA-2QJ5-GWG2-XWC4 OpenClaw: Unsanitized CWD path injection into LLM prompts
Overview OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters for example newlines or Unicode bidi/zero-width markers, those...
Flowise OverrideConfig security vulnerability
Impact Flowise allows developers to inject configuration into the Chainflow during execution through the overrideConfig option. This is supported in both the frontend web integration and the backend Prediction API. This has a range of fundamental issues that are a major security vulnerability...