19 matches found

Cvelist
added 2026/05/15 9:26 p.m. · 36 views

CVE-2026-45315 Open WebUI: Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHE_DIR/audio/transcriptions/. The /cache/{path} route serve...

CVSS 8.7 · EPSS 0.0018
Exploits 1 · References 1
CVE
added 2026/05/15 9:26 p.m. · 17 views

CVE-2026-45315

Open WebUI (self-hosted offline AI platform) is affected by CVE-2026-45315. Before version 0.9.3, the audio transcription upload endpoint accepts a user-supplied filename extension and saves the file under CACHE_DIR/audio/transcriptions, then serves /cache/{path} via FileResponse using the on-dis...

CVSS 8.7 · AI score 5.8 · EPSS 0.0018
Exploits 1 · References 1 · Affected Software 1
Github Security Blog
added 2026/03/27 3:29 p.m. · 9 views

Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Summary: An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...

CVSS 4.3 · AI score 6 · EPSS 0.00427
Exploits 1 · References 4 · Affected Software 1
CVE
added 2026/03/27 2:29 p.m. · 19 views

CVE-2026-33764

CVE-2026-33764 affects WWBN/AVideo up to version 26.0, where the AI plugin's save.json.php loads AI responses by attacker-controlled IDs (ai_metatags_responses_id and ai_transcribe_responses_id) without validating ownership of the target video. An authenticated user with canUseAI can reference AI ...

CVSS 4.3 · AI score 5.9 · EPSS 0.00214
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2026/03/27 2:29 p.m. · 3 views

CVE-2026-33764 AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's save.json.php endpoint loads AI response objects using an attacker-controlled $_REQUEST['id'] parameter without validating that the AI response belongs to the specified video. An authenticated user wi...

CVSS 4.3 · AI score 5.9 · EPSS 0.00214
Exploits 1 · References 2
Cvelist
added 2026/03/27 2:29 p.m. · 28 views

CVE-2026-33764 AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's save.json.php endpoint loads AI response objects using an attacker-controlled $_REQUEST['id'] parameter without validating that the AI response belongs to the specified video. An authenticated user wi...

CVSS 4.3 · EPSS 0.00214
Exploits 1 · References 2
Snyk
added 2026/03/26 6:08 p.m. · 3 views

Authorization Bypass Through User-Controlled Key

Overview: wwbn/avideo is an Audio and Video Platform, or simply "A Video Platform". Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the save.json.php process. An attacker can access and exfiltrate confidential AI-generated metadata and...

CVSS 5.3 · AI score 5.9 · EPSS 0.00214
Exploits 1 · References 2
OSV
added 2026/03/26 6:08 p.m. · 6 views

GHSA-G39V-QRJ6-JXRH AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions

Summary: The AI plugin's save.json.php endpoint loads AI response objects using an attacker-controlled $_REQUEST['id'] parameter without validating that the AI response belongs to the specified video. An authenticated user with AI permissions can reference any AI response ID — including those generat...

CVSS 4.3 · AI score 5.9 · EPSS 0.00214
Exploits 1 · References 4
Github Security Blog
added 2026/03/26 6:08 p.m. · 5 views

AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions

Summary: The AI plugin's save.json.php endpoint loads AI response objects using an attacker-controlled $_REQUEST['id'] parameter without validating that the AI response belongs to the specified video. An authenticated user with AI permissions can reference any AI response ID — including those generat...

CVSS 4.3 · AI score 5.8 · EPSS 0.00214
Exploits 1 · References 4 · Affected Software 1
CNNVD
added 2025/03/20 12:00 a.m. · 4 views

Open WebUI Code Issue Vulnerability

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from the Open WebUI open source project. A code issue vulnerability exists in Open WebUI version 0.3.0, which stems from the audio API endpoint /audio/api/v1/transcriptions allowing arbitrary file uploads, which could lead to path...

CVSS 8.1 · AI score 8.4 · EPSS 0.00881
Exploits 0 · References 1
Veracode
added 2024/06/11 6:32 a.m. · 11 views

Arbitrary File Deletion

litellm is vulnerable to Arbitrary File Deletion. The vulnerability is due to improper input validation on the /audio/transcriptions endpoint, allowing attackers to send crafted requests that delete specified files without proper authorization or validation...

CVSS 8.1 · AI score 6.7 · EPSS 0.00614
Exploits 1 · References 3 · Affected Software 1
OSV
added 2024/06/06 9:30 p.m. · 3 views

GHSA-3XR8-QFVJ-9P9J Arbitrary file deletion in litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

CVSS 7 · AI score 6.9 · EPSS 0.00614
Exploits 1 · References 4
Github Security Blog
added 2024/06/06 9:30 p.m. · 22 views

Arbitrary file deletion in litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

CVSS 8.1 · AI score 6.6 · EPSS 0.00614
Exploits 1 · References 4 · Affected Software 1
OSV
added 2024/06/06 7:16 p.m. · 5 views

CVE-2024-4888

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

CVSS 8.1 · AI score 6.9
Exploits 0 · References 1
CVE
added 2024/06/06 6:31 p.m. · 69 views

CVE-2024-4888

BerriAI's litellm (latest version) is affected by CVE-2024-4888 due to improper input validation on the /audio/transcriptions endpoint. The code uses os.remove(file.filename) to delete a file, allowing an attacker to delete arbitrary server files (e.g., SSH keys, SQLite databases, configuration f...

CVSS 8.1 · AI score 6.9 · EPSS 0.00614
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2024/06/06 6:31 p.m. · 38 views

CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

CVSS 6.5 · EPSS 0.00614
Exploits 1 · References 1
Vulnrichment
added 2024/06/06 6:31 p.m. · 16 views

CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

CVSS 6.5 · AI score 7.3 · EPSS 0.00614
Exploits 1 · References 1
CNNVD
added 2024/06/06 12:00 a.m. · 12 views

LiteLLM Input Validation Error Vulnerability

LiteLLM is an open source application from Berri AI that lets all LLM APIs be called using the OpenAI format. LiteLLM suffers from an input validation error vulnerability that stems from an improper input validation issue with the /audio/transcriptions API, resulting in vulnerability to arbitrary file...

CVSS 8.1 · AI score 7 · EPSS 0.00614
Exploits 1 · References 2
Positive Technologies
added 2024/06/06 12:00 a.m. · 5 views

PT-2024-33255 · Berriai · Litellm

Name of the Vulnerable Software and Affected Versions: BerriAI's litellm, version latest. Description: The issue arises from improper input validation on the "/audio/transcriptions" endpoint, allowing an attacker to send a specially crafted request that includes a file path to the server. This...

CVSS 8.1 · AI score 6.7 · EPSS 0.00614
Exploits 1 · References 10