Lucene search
K

6 matches found

CVE
CVE
added 5 days ago11 views

CVE-2026-59222

Open WebUI is a self-hosted AI platform. CVE-2026-59222 affects versions from 0.7.0 up to, but not including, 0.10.0. The vulnerability arises when GET /api/v1/channels/{id}/members returns full UserModelResponse objects for channel members, including settings.ui.toolServers[].key and webhook con...

6.5CVSS5.9AI score0.00265EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51020

Name of the Vulnerable Software and Affected Versions Mercator versions prior to 2025.05.19 Description The Query Engine allows authenticated users to execute queries via a JSON DSL Domain Specific Language, which is a specialized language used to define data queries. The controller method...

7.1CVSS5.9AI score0.00281EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

Open WebUI 访问控制错误漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Prior to Open WebUI 0.9.0, there was an access control vulnerability. This vulnerability stemmed from the /responses endpoint in the OpenAI router, which accepted any authenticated user and directly...

7.1CVSS5.8AI score0.00306EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/05 6:40 a.m.16 views

Information Exposure

org.springframework.ai, spring-ai-autoconfigure-model-transformers is vulnerable to information exposure. The vulnerability is due to improper isolation in a shared environment, which allows an attacker to access and retrieve the ONNX model used by the application...

6.1CVSS5.8AI score0.00105EPSS
Exploits0References4Affected Software2
Packet Storm News
Packet Storm News
added 2025/11/06 12:0 a.m.6 views

From Model to Breach: Towards Actionable LLM-Generated Vulnerabilities Reporting

As the role of Large Language Models LLM-based coding assistants in software development becomes more critical, so does the role of the bugs they generate in the overall cybersecurity landscape. While a number of LLM code security benchmarks have been proposed alongside approaches to improve the...

7.4AI score
Exploits0
OSV
OSV
added 2020/05/18 5:15 a.m.4 views

CVE-2020-12859

Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations...

5.3CVSS6.1AI score0.00687EPSS
Exploits0References2
Rows per page
Query Builder