2982 matches found
Access Control Bypass
Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Access Control Bypass via the /api/tasks/stop/taskid endpoint. An attacker can enumerate tasks run by other users and use a taskid to terminate any task running on the server. Remediation: Upgrade open-webu...
Open WebUI Code Issue Vulnerability
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from the open-source Open WebUI project. A code issue vulnerability exists in versions of Open WebUI prior to 0.6.37 that stems from server-side request forgery and could lead to access to internal networks and services...
CVE-2025-63681
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling an attacker who is a normal user to stop arbitrary LLM response tasks...
CVE-2025-63681
Open-WebUI CVE-2025-63681 affects v0.6.33. The API endpoint /api/tasks/stop/ allows direct cancellation of tasks without verifying ownership, enabling a normal user to stop arbitrary LLM response tasks (Incorrect Access Control). Base score 4.3 (Medium); attack vector NETWORK, privileges required...
Open WebUI Security Vulnerability
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from the open-source Open WebUI project. A security vulnerability exists in Open WebUI version v0.6.33, which stems from the API /api/tasks/stop/ directly accessing and cancelling tasks without verifying user ownership, which could lead an...
PT-2025-49046
Name of the Vulnerable Software and Affected Versions: open-webui version 0.6.33. Description: The software contains a flaw related to access control. The /api/tasks/stop/ API endpoint allows direct access and cancellation of tasks without verifying user ownership. This enables an attacker, even a...
Open WebUI Cross-Site Scripting Vulnerability
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from the open-source Open WebUI project. A cross-site scripting vulnerability exists in versions of Open WebUI prior to 0.6.37 that stems from a stored cross-site scripting attack that could lead to arbitrary JavaScript execution and...
PT-2025-49128
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.6.37. Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to...
PT-2025-49146
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.6.37. Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A Stored Cross-Site Scripting (XSS) issue was identified in the Notes PDF download functionality. ...
Malicious code in @bingads-webui-clientcenter/instrumentation (npm)
Source: amazon-inspector 7efd2376e1aa13253ea637d39c491337b642dec3198639e7b492c1aec1c083ad. The package @bingads-webui-clientcenter/instrumentation was found to contain malicious code...
EUVD-2025-200015
Malicious code in @bingads-webui-clientcenter/instrumentation (npm)...
MAL-2025-191495 Malicious code in @bingads-webui-clientcenter/instrumentation (npm)
Source: amazon-inspector 7efd2376e1aa13253ea637d39c491337b642dec3198639e7b492c1aec1c083ad. The package @bingads-webui-clientcenter/instrumentation was found to contain malicious code...
GHSA-M449-CWJH-6PW7 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-M449-CWJH-6PW7 vulnerabilities
Vulnerabilities for packages: open-webui, nemo...
GHSA-6QV9-48XG-FC7F vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2025-65106 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2025-65002
Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters...