
2982 matches found

NVD, added 2025/11/12 6:15 p.m., 6 views

CVE-2025-65002

Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters...

CVSS 7.5, EPSS 0.00233
Exploits: 0, References: 1

GithubExploit, added 2025/11/10 9:26 a.m., 242 views

Exploit for CVE-2025-64495

CVE-2025-64495-POC Open WebUI vulnerable to Stored DOM XSS via...

CVSS 8.7, AI score 7.3, EPSS 0.0046
Exploits: 2

RedhatCVE, added 2025/11/10 5:22 a.m., 6 views

CVE-2025-64495

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is...

CVSS 8.7, AI score 6.2, EPSS 0.0046
Exploits: 2, References: 1

RedhatCVE, added 2025/11/10 5:22 a.m., 7 views

CVE-2025-64496

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers vi...

CVSS 8, AI score 8.8, EPSS 0.07767
Exploits: 1, References: 1

NVD, added 2025/11/08 2:15 a.m., 8 views

CVE-2025-64496

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers vi...

CVSS 8, EPSS 0.07767
Exploits: 1, References: 2

NVD, added 2025/11/08 2:15 a.m., 6 views

CVE-2025-64495

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is...

CVSS 8.7, EPSS 0.0046
Exploits: 2, References: 3

CVE, added 2025/11/08 1:29 a.m., 86 views

CVE-2025-64496

CVE-2025-64496 Open WebUI : A code injection vulnerability in the Direct Connections feature (v0.6.224 and earlier) allows external model servers to push SSE events that execute arbitrary JavaScript in victim browsers, leading to token theft, account takeover, and potential backend RCE when combi...

CVSS 8, AI score 8.5, EPSS 0.07767
Exploits: 1, References: 2, Affected software: 1

Cvelist, added 2025/11/08 1:29 a.m., 21 views

CVE-2025-64496 Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers vi...

CVSS 7.3, EPSS 0.07767
Exploits: 1, References: 2

Vulnrichment, added 2025/11/08 1:29 a.m., 3 views

CVE-2025-64496 Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers vi...

CVSS 7.3, AI score 8.1, EPSS 0.07767
Exploits: 1, References: 2

OSV, added 2025/11/08 1:29 a.m., 5 views

CVE-2025-64496 Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers vi...

CVSS 7.3, AI score 8.9, EPSS 0.07767
Exploits: 1, References: 4

EUVD, added 2025/11/08 1:25 a.m., 5 views

EUVD-2025-38257

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is...

CVSS 8.7, AI score 5.7, EPSS 0.0046
Exploits: 2, References: 4

CVE, added 2025/11/08 1:25 a.m., 58 views

CVE-2025-64495

Open WebUI (self-hosted offline AI platform) is affected by a Stored DOM XSS in RichTextInput when the “Insert Prompt as Rich Text” option is enabled. In versions 0.6.34 and earlier, the prompt body is parsed with marked.parse and then assigned to a temporary div’s innerHTML without sanitisation,...

CVSS 8.7, AI score 5.8, EPSS 0.0046
Exploits: 2, References: 3, Affected software: 1

Vulnrichment, added 2025/11/08 1:25 a.m., 3 views

CVE-2025-64495 Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is...

CVSS 8.7, AI score 5.6, EPSS 0.0046
Exploits: 2, References: 3

Cvelist, added 2025/11/08 1:25 a.m., 15 views

CVE-2025-64495 Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is...

CVSS 8.7, EPSS 0.0046
Exploits: 2, References: 3

OSV, added 2025/11/08 1:25 a.m., 6 views

CVE-2025-64495 Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is...

CVSS 8.7, AI score 6.3, EPSS 0.0046
Exploits: 2, References: 5

CNNVD, added 2025/11/08 12:00 a.m., 5 views

Open WebUI security vulnerability

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. A security vulnerability exists in Open WebUI version 0.6.224 and earlier, which stems from a code injection vulnerability in the Direct Connections feature that could lead to authentication...

CVSS 8, AI score 7.2, EPSS 0.07767
Exploits: 1, References: 3

CNNVD, added 2025/11/08 12:00 a.m., 4 views

Open WebUI cross-site scripting vulnerability

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A cross-site scripting vulnerability exists in Open WebUI version 0.6.34 and earlier, which stems from a failure to clean up the prompt body when assigning it to the DOM receiver innerHtml, whi...

CVSS 8.7, AI score 5.8, EPSS 0.0046
Exploits: 2, References: 4

RedhatCVE, added 2025/11/07 8:56 p.m., 4 views

CVE-2025-12487

oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...

CVSS 9.8, AI score 7.9, EPSS 0.00784
Exploits: 0, References: 1

RedhatCVE, added 2025/11/07 8:56 p.m., 3 views

CVE-2025-12488

oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...

CVSS 9.8, AI score 7.9, EPSS 0.00784
Exploits: 0, References: 1

Snyk, added 2025/11/07 5:37 p.m., 2 views

Inclusion of Web Functionality from an Untrusted Source

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Inclusion of Web Functionality from an Untrusted Source via the execute event handler used by the Direct Connections feature. An attacker can gain access to authentication tokens, take over user accounts, and...

CVSS 8, AI score 7.7, EPSS 0.07767
Exploits: 1, References: 5