6 matches found
CVE-2026-59222
Open WebUI is a self-hosted AI platform. CVE-2026-59222 affects versions from 0.7.0 up to, but not including, 0.10.0. The vulnerability arises when GET /api/v1/channels/{id}/members returns full UserModelResponse objects for channel members, including settings.ui.toolServers[].key and webhook con...
PT-2026-51020
Name of the Vulnerable Software and Affected Versions Mercator versions prior to 2025.05.19 Description The Query Engine allows authenticated users to execute queries via a JSON DSL Domain Specific Language, which is a specialized language used to define data queries. The controller method...
Open WebUI 访问控制错误漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Prior to Open WebUI 0.9.0, there was an access control vulnerability. This vulnerability stemmed from the /responses endpoint in the OpenAI router, which accepted any authenticated user and directly...
Information Exposure
org.springframework.ai, spring-ai-autoconfigure-model-transformers is vulnerable to information exposure. The vulnerability is due to improper isolation in a shared environment, which allows an attacker to access and retrieve the ONNX model used by the application...
From Model to Breach: Towards Actionable LLM-Generated Vulnerabilities Reporting
As the role of Large Language Models LLM-based coding assistants in software development becomes more critical, so does the role of the bugs they generate in the overall cybersecurity landscape. While a number of LLM code security benchmarks have been proposed alongside approaches to improve the...
CVE-2020-12859
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations...