Lucene search
+L

2033 matches found

OSV
OSV
added 2026/05/15 7:41 p.m.5 views

CVE-2026-44559 Open WebUI: Missing Access Check on Channel Members Endpoint for Standard Channels

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/id/members endpoint only checks membership for group and dm channel types lines 467-469. For standard channels — including private ones — there is no...

4.3CVSS6AI score0.00221EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/15 7:34 p.m.46 views

CVE-2026-44561 Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the isuserchannelmember function checks whether a ChannelMember row exists but does not check the isactive field. When a user is deactivated from a group or DM channel removed by the...

5.4CVSS0.00178EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/15 7:34 p.m.8 views

CVE-2026-44561 Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the isuserchannelmember function checks whether a ChannelMember row exists but does not check the isactive field. When a user is deactivated from a group or DM channel removed by the...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 7:34 p.m.27 views

CVE-2026-44561

CVE-2026-44561 affects Open WebUI. The vulnerability arises in the is_user_channel_member check: before 0.9.0, the code verifies ChannelMember existence but ignores is_active, so deactivated members (status 'left', is_active=False) retain full read/write access to group/DM channels via direct API...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/15 7:34 p.m.3 views

CVE-2026-44561 Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the isuserchannelmember function checks whether a ChannelMember row exists but does not check the isactive field. When a user is deactivated from a group or DM channel removed by the...

5.4CVSS5.9AI score0.00178EPSS
Exploits1References3
OSV
OSV
added 2026/05/15 9:11 a.m.7 views

BIT-GITLAB-2026-8144 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object reference vulnerabilities in the channel functionality. The...

4.3CVSS5.8AI score0.00204EPSS
Exploits1References2
NVD
NVD
added 2026/05/14 6:16 a.m.13 views

CVE-2026-8144

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

4.3CVSS0.00181EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 a.m.8 views

CVE-2026-8144

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 6:16 a.m.6 views

UBUNTU-CVE-2026-8144

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/14 5:33 a.m.8 views

CVE-2026-8144 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:33 a.m.10 views

CVE-2026-8144

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/14 5:33 a.m.51 views

CVE-2026-8144 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

4.3CVSS0.00181EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 5:33 a.m.18 views

EUVD-2026-30241

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 5:33 a.m.39 views

CVE-2026-8144

GitLab CE/EE had an authorization check flaw that could allow an authenticated user with project membership to enumerate private group members. Affected versions: 15.1–18.9.6, 15.1–18.10.5, and 15.1–18.11.2. Remediation was applied in patch releases: 18.9.7, 18.10.6, and 18.11.3 respectively. Imp...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE before 18.9.7, 18.10....

4.3CVSS5.9AI score0.00181EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-40879

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.1 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description An issue exists where an authenticated user with project membership can enumerate private group...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

ShellHub 安全漏洞

ShellHub is an open-source remote device access and management platform developed by ShellHub. Versions of ShellHub prior to 0.24.2 contained security vulnerabilities. These vulnerabilities stemmed from the GET /api/namespaces/:tenant request, which returned complete namespace objects, including...

6.5CVSS5.8AI score0.00308EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

cPanel 安全漏洞

cPanel is a web-based automated hosting platform developed by the cPanel company in the United States. This platform is primarily used for automating the management of websites and servers. cPanel has security vulnerabilities, which stem from improper permission authorization checks by team...

7.1CVSS5.8AI score0.00227EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/08 8:1 p.m.14 views

Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

Deactivated Channel Members Retain Full Access to Group/DM Channels Affected Component Channel membership authorization check: - backend/openwebui/models/channels.py lines 663-673, isuserchannelmember - Used at 15 locations in backend/openwebui/routers/channels.py Affected Versions Current main...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder