10 matches found
CVE-2026-45396 Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...
CVE-2026-45396
Summary of technical details (CVE-2026-45396) Open WebUI v0.9.2 is vulnerable to mass assignment in the endpoint POST /api/v1/evaluations/feedback through a FeedbackForm that uses extra='allow'. The root cause is an insecure dictionary merge order in insert_new_feedback(), where the form data can...
GHSA-RJMP-VJF2-QF4G Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
Mass Assignment in Feedback Creation Allows User ID Spoofing and Evaluation Data Manipulation Summary The POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an insecure...
Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
Mass Assignment in Feedback Creation Allows User ID Spoofing and Evaluation Data Manipulation Summary The POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an insecure...
PT-2026-41191
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An authenticated attacker can perform a mass assignment attack via the 'POST /api/v1/evaluations/feedback' endpoint. This is possible because the FeedbackForm uses a configuration that allows extr...
Better Auth: Unauthenticated API key creation through api-key plugin
Summary A critical authentication bypass was identified in the API key creation and update endpoints. An attacker could create or modify API keys for arbitrary users by supplying a victim’s user ID in the request body. Due to a flaw in how the authenticated user was derived, the endpoints could...
Incorrect User Management
github.com/ubuntu/authd is vulnerable to Incorrect User Management. The vulnerability is due to insufficient randomization of user IDs, allowing a local attacker to register usernames and spoof another user's ID, gaining their privileges. This issue affects Authd through version 0.3.6...
PT-2024-39562 · Authd +1 · Authd +1
Name of the Vulnerable Software and Affected Versions: Authd versions 0.3.6 and earlier Description: A local attacker who can register user names could spoof another user's ID and gain their privileges due to insufficient randomization of user IDs. The issue arises from the GenerateID method, whi...
Network fun website management system V2. 1 The official version of 0day-vulnerability warning-the black bar safety net
Author: Samy source: bug 1. asp : % Response. Cookies"KuUSER""UserName"="" userid=request. querystring"userid" % % set rsmsg=server. createobject"adodb. recordset" sqlmsg="select from Comuser where comid="&userid&"" rem get the data without the filter rsmsg. open sqlmsg,conn,1,3 if rsmsg. eof and...
WinPT User ID Spoofing Vulnerability
WinPT User ID Spoofing Vulnerability Impact: Impersonation Where: Remote Status: Unpatched Product: Windows Privacy Tray WinPT http://wald.intevation.org/projects/winpt Visual representation of keys in WinPT 1.2.0 is susceptible to a user ID spoofing attack using keys with large amount of data in...