Lucene search
+L

559 matches found

nuclei
nuclei
added yesterday21 views

Open WebUI 'LDAP Empty Password' - Authentication Bypass

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...

9.1CVSS7AI score0.01461EPSS
Exploits1References2
nvd
nvd
added 3 days ago8 views

CVE-2026-15668

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS0.00228EPSS
Exploits0References6
euvd
euvd
added last week7 views

EUVD-2026-42727

A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pullparser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public an...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References8
nvd
nvd
added 2026/07/09 5:17 p.m.9 views

CVE-2026-59715

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.16 before 0.10.0, the Socket.IO server is configured with alwaysconnect=True. The ydoc:awareness:update and ydoc:document:leave Socket.IO handlers accepted collaborative-document events without requirin...

6.5CVSS0.00222EPSS
Exploits1References4
nvd
nvd
added 2026/07/09 5:17 p.m.7 views

CVE-2026-59219

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS0.00259EPSS
Exploits1References3
cvelist
cvelist
added 2026/07/09 5:0 p.m.29 views

CVE-2026-59223 Open WebUI: `WEB_FETCH_FILTER_LIST` host allow/block filter bypassable via URL path and non-label-boundary matching

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEBFETCHFILTERLIST matching compared configured host entries against URL strings and non-label-boundary suffixes, allowing path-based blocklist bypasses such as !internal.example.com in a URL pa...

4.3CVSS0.00223EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/09 4:48 p.m.31 views

CVE-2026-59216 Open WebUI: Cross-user code-interpreter and tool execution via unvalidated Socket.IO event-caller session_id

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, geteventcall delivered execute:python and execute:tool Socket.IO events to a client-supplied sessionid after checking only that the session was connected, allowing authenticated users who learne...

7.7CVSS0.00308EPSS
Exploits0References4
nvd
nvd
added 2026/07/09 1:16 p.m.8 views

CVE-2026-15184

A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwgnextentity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument nextobj results in null pointer dereference. The attack must be initiated from a local...

4.8CVSS0.00118EPSS
Exploits0References9
osv
osv
added 2026/07/09 12:0 p.m.3 views

CVE-2026-15184 GNU LibreDWG DWG File dwg.c dwg_next_entity null pointer dereference

A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwgnextentity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument nextobj results in null pointer dereference. The attack must be initiated from a local...

4.8CVSS5.6AI score0.00118EPSS
Exploits0References11
euvd
euvd
added 2026/07/09 11:30 a.m.10 views

EUVD-2026-42580

A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwgbmp of the file src/dwg.c of the component BMP Image Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the...

5.3CVSS5.9AI score0.00133EPSS
Exploits0References10
euvd
euvd
added 2026/07/07 4:51 p.m.12 views

EUVD-2026-22188

Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality...

4.3CVSS5.9AI score0.00227EPSS
Exploits1References2
cve
cve
added 2026/07/06 10:30 p.m.15 views

CVE-2026-53640

CVE-2026-53640 (FOSSBilling) affects the FOSSBilling project prior to version 0.8.0, where low-privileged staff could read sensitive data via admin API endpoints that lack proper authorization checks on read operations. The issue contrasts with write endpoints that have fine-grained permissions, ...

2.3CVSS6AI score0.00226EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.13 views

PT-2026-56039

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.6 through 0.7.2 Description When a ClientPasswordReset record already exists for a client from a previous unexpired request, subsequent calls to the reset password guest API endpoint reuse the existing token instead of...

7.7CVSS6AI score0.00215EPSS
Exploits1References5
euvd
euvd
added 2026/07/04 5:58 p.m.9 views

EUVD-2026-41687

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

5.9AI score0.00172EPSS
Exploits0References4
osv
osv
added 2026/06/30 11:17 p.m.4 views

UBUNTU-CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3CVSS5.7AI score0.00284EPSS
Exploits0References4
euvd
euvd
added 2026/06/24 5:33 a.m.10 views

EUVD-2026-38655

The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.8AI score0.00135EPSS
Exploits0References5
euvd
euvd
added 2026/06/24 12:49 a.m.18 views

EUVD-2026-38641

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/23 2:25 p.m.40 views

CVE-2026-27604 FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

10CVSS0.00408EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/18 9:9 p.m.32 views

CVE-2026-54017 Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured termin...

7.7CVSS0.00349EPSS
Exploits0References1
euvd
euvd
added 2026/06/17 6:35 p.m.9 views

EUVD-2024-55627

Unauthenticated Cross Site Scripting XSS in my flatonica = 0.0.8 versions...

7.1CVSS5.1AI score0.00241EPSS
Exploits0References2
Rows per page
Query Builder