
11 matches found

RedhatCVE
added 2026/05/18 1:58 p.m. · 6 views

CVE-2026-45347

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server-side request forgery (SSRF) via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests...

CVSS 5.4 · AI score 5.8 · EPSS 0.0003
Exploits: 1 · References: 1
CVE
added 2026/05/15 9:12 p.m. · 8 views

CVE-2026-45347

CVE-2026-45347 concerns Open WebUI, a self-hosted offline AI platform. The vulnerability is a blind server-side request forgery (SSRF) via the PDF generate function, where user inputs embedded in the PDF are processed as HTML. Tests show most dangerous tags (e.g., iframe, object) are blocked, but...

CVSS 5.4 · AI score 5.8 · EPSS 0.0003
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2026/05/15 9:12 p.m. · 28 views

CVE-2026-45347 Open WebUI: Blind server side request forgery (SSRF) via the PDF generate function

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server-side request forgery (SSRF) via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests...

CVSS 4.3 · EPSS 0.0003
Exploits: 1 · References: 1
Vulnrichment
added 2026/05/15 9:12 p.m. · 6 views

CVE-2026-45347 Open WebUI: Blind server side request forgery (SSRF) via the PDF generate function

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server-side request forgery (SSRF) via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests...

CVSS 4.3 · AI score 5.8 · EPSS 0.0003
Exploits: 1 · References: 1
Snyk
added 2026/05/14 8:22 p.m. · 6 views

Server-side Request Forgery (SSRF)

Overview: open-webui is an Open WebUI Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the pdf generate process. An attacker can cause the server to initiate arbitrary outbound HTTP requests by injecting crafted HTML, such as an tag, into user-controllable...

CVSS 5.4 · AI score 5.9 · EPSS 0.0003
Exploits: 1 · References: 2
PyPA
added 2025/05/16 9:15 a.m. · 7 views

PYSEC-2025-145

A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can...

CVSS 7.5 · AI score 7.1 · EPSS 0.00495
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2025/05/16 12:0 a.m. · 1 views

Ollama Input Validation Error Vulnerability

Ollama is a large language model that can be started and run locally from the Ollama open source. An input validation error vulnerability exists in Ollama version 0.5.11, which stems from insufficient validation of array index access and could lead to a denial of service attack...

CVSS 7.5 · AI score 7.2 · EPSS 0.00495
Exploits: 1 · References: 2
Positive Technologies
added 2023/04/18 12:0 a.m. · 3 views

PT-2023-22458 · Unknown · Spreadsheet-Reader

Name of the Vulnerable Software and Affected Versions: spreadsheet-reader version 0.5.11 Description: A Local File inclusion issue in test.php allows remote attackers to include arbitrary files via the File parameter. This could potentially lead to sensitive information disclosure or other securi...

CVSS 7.5 · AI score 7.2 · EPSS 0.62334
Exploits: 1 · References: 6
CNNVD
added 2023/04/18 12:0 a.m. · 3 views

spreadsheet-reader Path Traversal Vulnerability

spreadsheet-reader is Nuovo open source PHP spreadsheet reader. A security vulnerability exists in spreadsheet-reader version 0.5.11, which stems from a local file inclusion vulnerability that allows remote attackers to include arbitrary files via the File parameter...

CVSS 7.5 · AI score 7.5 · EPSS 0.62334
Exploits: 1 · References: 2
Tenable Nessus
added 2021/01/06 12:0 a.m. · 18 views

SUSE SLES15 Security Update : dovecot23 (SUSE-SU-2021:0028-1)

This update for dovecot23 fixes the following issues : Security issues fixed : CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts bsc1174920. CVE-2020-12673: Fixed an improper implementation of NTLM that did not check the message buffer size bsc1174922. CVE-2020-12674:...

CVSS 7.5 · AI score 6.9 · EPSS 0.25804
Exploits: 4 · References: 16
CNVD
added 2019/12/23 12:0 a.m. · 2 views

Midori Browser Code Execution Vulnerability

Midori Browser is a lightweight cross-platform web browser. A security vulnerability exists in Midori Browser version 0.5.11 Windows 10. An attacker can exploit the vulnerability to bypass the Content Security Policy and execute code...

CVSS 6.1 · AI score 7 · EPSS 0.00273
Exploits: 1 · References: 1