
2982 matches found

CNNVD
added 2025/05/05 12:0 a.m. · 4 views

Retrieval-based-Voice-Conversion-WebUI code issue vulnerability

Retrieval-based-Voice-Conversion-WebUI is an open source voice training modeling tool from RVC-Project. A code issue vulnerability exists in Retrieval-based-Voice-Conversion-WebUI version 2.2.231006 and earlier, which stems from improper handling of the modelchoose variable, and could lead to...

CVSS 9.8 · AI score 7.8 · EPSS 0.008
Exploits: 0 · References: 5

CNNVD
added 2025/05/05 12:0 a.m. · 4 views

Retrieval-based-Voice-Conversion-WebUI code issue vulnerability

Retrieval-based-Voice-Conversion-WebUI is an open source voice training modeling tool from RVC-Project. A code issue vulnerability exists in Retrieval-based-Voice-Conversion-WebUI version 2.2.231006 and earlier, which stems from improper handling of the ckptpath0 variable, and could lead to unsaf...

CVSS 9.8 · AI score 7.9 · EPSS 0.00766
Exploits: 0 · References: 5

CNNVD
added 2025/05/05 12:0 a.m. · 4 views

Retrieval-based-Voice-Conversion-WebUI code injection vulnerability

Retrieval-based-Voice-Conversion-WebUI is an open source voice training modeling tool from RVC-Project. A code injection vulnerability exists in Retrieval-based-Voice-Conversion-WebUI version 2.2.231006 and earlier, which stems from improper handling of the ckptpath2 variable and could lead to...

CVSS 9.8 · AI score 8.2 · EPSS 0.00793
Exploits: 0 · References: 5

Positive Technologies
added 2025/05/05 12:0 a.m. · 7 views

PT-2025-19738 · Unknown · Retrieval-Based-Voice-Conversion-Webui

Name of the Vulnerable Software and Affected Versions: Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior. Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The variables exp dir1, np7, trainset dir4, and sr2 take user input and pass...

CVSS 9.8 · AI score 6.5 · EPSS 0.02103
Exploits: 0 · References: 14

Positive Technologies
added 2025/05/05 12:0 a.m. · 7 views

PT-2025-19787 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.6.6. Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A vulnerability in the way certain HTML tags in chat messages are rendered allows attackers to...

CVSS 6.4 · AI score 6.3 · EPSS 0.00431
Exploits: 1 · References: 7

Positive Technologies
added 2025/05/05 12:0 a.m. · 12 views

PT-2025-19772 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.6.6. Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Low-privileged users can upload HTML files containing JavaScript code via the "/api/v1/files/"...

CVSS 6.3 · AI score 7 · EPSS 0.00288
Exploits: 1 · References: 8

CNNVD
added 2025/05/05 12:0 a.m. · 4 views

Retrieval-based-Voice-Conversion-WebUI command injection vulnerability

Retrieval-based-Voice-Conversion-WebUI is an open source voice training modeling tool from RVC-Project. A command injection vulnerability exists in Retrieval-based-Voice-Conversion-WebUI version 2.2.231006 and earlier, which stems from command injection...

CVSS 9.8 · AI score 7.6 · EPSS 0.02103
Exploits: 0 · References: 6

RedhatCVE
added 2025/04/26 6:0 a.m. · 9 views

CVE-2025-29446

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection...

CVSS 3.3 · AI score 6.9 · EPSS 0.00187
Exploits: 1 · References: 1

Snyk
added 2025/04/21 5:43 p.m. · 3 views

Server-side Request Forgery (SSRF)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the verify_connection function, by manipulating the backend requests to arbitrary systems. Remediation: Upgrade open-webui to version 0.6.34 or higher. References - GitH...

CVSS 10 · AI score 6.7 · EPSS 0.00187
Exploits: 1 · References: 2

NVD
added 2025/04/21 5:15 p.m. · 7 views

CVE-2025-29446

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection...

CVSS 3.3 · EPSS 0.00187
Exploits: 1 · References: 2

OSV
added 2025/04/21 5:15 p.m. · 4 views

CVE-2025-29446

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection...

CVSS 3.3 · AI score 7
Exploits: 0 · References: 2

CNNVD
added 2025/04/21 12:0 a.m. · 4 views

Open WebUI security vulnerability

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A security vulnerability exists in Open WebUI version v0.5.16, which stems from the vulnerability of the verify_connection function in routers/ollama.py to a server-side request forgery attack...

CVSS 3.3 · AI score 6.6 · EPSS 0.00187
Exploits: 1 · References: 2

Positive Technologies
added 2025/04/21 12:0 a.m. · 5 views

PT-2025-17455 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: open-webui version 0.5.16. Description: The issue concerns a Server-Side Request Forgery (SSRF) vulnerability. It is located in the routers/ollama.py file, specifically in the verify_connection function. Recommendations: For open-webui version...

CVSS 3.3 · AI score 6.5 · EPSS 0.00187
Exploits: 1 · References: 9

CVE
added 2025/04/21 12:0 a.m. · 48 views

CVE-2025-29446

Open-webui v0.5.16 is affected by a Server-Side Request Forgery (SSRF) in routers/ollama.py verify_connection. Root cause is the verify_connection function allowing manipulation of backend requests. Impact is limited to SSRF with local attack vector per the CVSS data (low base score, local access...

CVSS 3.3 · AI score 7.1 · EPSS 0.00187
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/04/21 12:0 a.m. · 8 views

CVE-2025-29446

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection...

AI score 3.9 · EPSS 0.00187
Exploits: 1 · References: 2

Cvelist
added 2025/04/21 12:0 a.m. · 12 views

CVE-2025-29446

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection...

EPSS 0.00187
Exploits: 1 · References: 2

RedhatCVE
added 2025/04/02 9:46 a.m. · 15 views

CVE-2025-2071

A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed direct...

CVSS 10 · AI score 8.5 · EPSS 0.00904
Exploits: 0 · References: 1

NVD
added 2025/03/31 9:15 a.m. · 10 views

CVE-2025-2072

A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in FAST LTA Silent Brick WebUI, allowing attackers to inject malicious JavaScript code into web pages viewed by users. This issue arises when user-supplied input is improperly handled and reflected directly in the output of a...

CVSS 5.1 · EPSS 0.00309
Exploits: 0 · References: 1

Cvelist
added 2025/03/31 8:34 a.m. · 14 views

CVE-2025-2072 Reflected Cross-Site Scripting (XSS) Vulnerability in FAST LTA Silent Brick WebUI

A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in FAST LTA Silent Brick WebUI, allowing attackers to inject malicious JavaScript code into web pages viewed by users. This issue arises when user-supplied input is improperly handled and reflected directly in the output of a...

CVSS 5.1 · EPSS 0.00309
Exploits: 0 · References: 1

CVE
added 2025/03/31 8:34 a.m. · 52 views

CVE-2025-2072

FAST LTA Silent Brick WebUI is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. The issue occurs when user-supplied input is reflected in output without proper sanitization or encoding, enabling arbitrary JavaScript execution in the victim’s browser. Affected WebUI parameters inc...

CVSS 5.1 · AI score 5.8 · EPSS 0.00309
Exploits: 0 · References: 1