Lucene search
K

57 matches found

NVD
NVD
added 2026/03/27 12:16 a.m.4 views

CVE-2026-29070

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin,...

8.1CVSS0.00252EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.8 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained security vulnerabilities. These vulnerabilities stemmed from the lack of access control checks when deleting files from the knowledge base, which could...

8.1CVSS5.9AI score0.00252EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 11:37 p.m.1 views

CVE-2026-28786

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

4.3CVSS5.8AI score0.00427EPSS
Exploits1References2Affected Software1
Circl
Circl
added 2026/03/26 11:27 p.m.10 views

CVE-2026-29070

creationtimestamp| type| source ---|---|--- 2026-03-26 23:27:54+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-26gm-93rw-cchf...

8.1CVSS5.8AI score0.00252EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28385

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.6 Description Open WebUI is an artificial intelligence platform designed for offline operation. A missing access control check when deleting files from a knowledge base allows a user with write access to a...

5.4CVSS6AI score0.00252EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/09 9:31 p.m.5 views

EUVD-2025-208453

A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...

6.3CVSS5.3AI score0.00289EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.11 views

PT-2026-1997

Name of the Vulnerable Software and Affected Versions Open WebUI affected versions not specified Description A flaw exists in Open WebUI that allows network-adjacent attackers to disclose sensitive information. The issue stems from transmitting credentials in plaintext through an unspecified...

5.3CVSS5.5AI score0.00241EPSS
Exploits1References2
Chainguard
Chainguard
added 2026/01/07 1:30 a.m.7 views

CVE-2025-66019 vulnerabilities

Vulnerabilities for packages: nemo, open-webui...

8.7CVSS7.1AI score0.00313EPSS
Exploits0
Wolfi
Wolfi
added 2025/12/06 1:48 a.m.9 views

CVE-2025-66416 vulnerabilities

Vulnerabilities for packages: semgrep, open-webui...

8.1CVSS7.2AI score0.00463EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/12/04 6:30 p.m.7 views

open-webui is Vulnerable to Incorrect Access Control

open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers a normal user to stop arbitrary LLM response tasks...

4.3CVSS7.1AI score0.00263EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/11/08 1:29 a.m.6 views

EUVD-2025-38253

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers vi...

7.3CVSS8.3AI score0.07874EPSS
Exploits1References3
Wolfi
Wolfi
added 2025/10/30 2:52 p.m.5 views

GHSA-7F5H-V6XP-FCQ8 vulnerabilities

Vulnerabilities for packages: kserve, mlflow, open-webui, k8s-sidecar, reflex...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.3 views

编号撤回

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. This CVE number has been withdrawn...

7.6AI score
Exploits0References1
CNVD
CNVD
added 2021/04/08 12:0 a.m.5 views

WCMS Server-Side Request Forgery Vulnerability

WCMS is a content management system CMS that uses an open web interface to build websites. A server-side request forgery vulnerability exists in WCMS version 0.3.2. An attacker can send a specially crafted request from the web application's back-end server via the path parameter of wex/cssjs.php,...

8.3CVSS7AI score0.01051EPSS
Exploits1References1
CNVD
CNVD
added 2021/04/08 12:0 a.m.7 views

WCMS Directory Traversal Vulnerability

WCMS is a content management system CMS that uses an open web interface to build websites. A directory traversal vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to read arbitrary files on the server running the application via the path parameter of wex/cssjs.php...

5.3CVSS6.7AI score0.01412EPSS
Exploits0References1
OSV
OSV
added 2018/09/07 10:29 p.m.4 views

CVE-2018-15483

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04...

7.5CVSS5.8AI score0.01868EPSS
Exploits2References2
OSV
OSV
added 2018/09/07 10:29 p.m.2 views

CVE-2018-15484

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01...

9.8CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder