Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. A security vulnerability exists in Open WebUI version 0.3.8 and earlier, which stems from cross-site request forgery and could lead to remote code execution...

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A security vulnerability exists in Open WebUI version v0.3.8 that stems from improper access control and allows an attacker to view administrator details...

Open WebUI 资源管理错误漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A resource management error vulnerability exists in Open WebUI version v0.3.8, which stems from the use of an overly large name field during registration by an unauthorized user, which may caus...

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. A security vulnerability exists in Open WebUI version 0.3.8, which stems from a session fixation attack that could lead to an administrator account takeover...

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. A security vulnerability exists in Open WebUI version v10, which stems from improper path cleanup and could lead to unauthorized directory access...

编号撤回

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. This CVE number has been withdrawn...

Open WebUI 访问控制错误漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. An Access Control Error vulnerability exists in Open WebUI version v0.3.8, which stems from improper access control that allows an administrator to view the chat logs of other administrators...

PT-2025-12080 · Unknown · Automatic1111/Stable-Diffusion-Webui

Name of the Vulnerable Software and Affected Versions: automatic1111/stable-diffusion-webui version 1.10.0 Description: The software is susceptible to a flaw where the server does not properly manage extra characters added to the end of multipart boundaries. This can be exploited by sending...

PT-2025-12183 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version 0.3.8 Description: A vulnerability allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the...

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A security vulnerability exists in Open WebUI version v0.3.8 that stems from improper access control and allows an attacker to view and delete arbitrary files...

PT-2025-12179 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version 0.3.8 Description: The issue allows attackers to view and delete any files due to improper access control. The application fails to verify whether the attacker is an administrator, enabling them to directly call...

PT-2025-12178 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version v0.3.8 Description: The issue is related to improper access control. Administrators are supposed to view only the chats of non-admin members on the frontend admin page. However, it is possible to view the chats o...

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. A security vulnerability exists in Open WebUI version 0.3.32, which stems from an unverified authentication mechanism and could lead to a denial of service attack...

Open WebUI 代码问题漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A code issue vulnerability exists in Open WebUI version 0.3.8, which stems from server-side request forgery and could lead to internal services being accessed...

Open WebUI 路径遍历漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A path traversal vulnerability exists in Open WebUI version 0.3.8, which stems from improper handling of filenames in the /models/upload endpoint, which could lead to arbitrary file writes...

Open WebUI 资源管理错误漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A resource management error vulnerability exists in Open WebUI version 0.3.8, which originates from an unauthenticated markdown conversion endpoint and could lead to a denial of service...

PT-2025-12199 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: open-webui version 0.3.8 Description: An endpoint for converting Markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of...

PT-2025-12177 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version v0.3.8 Description: The application exhibits improper privilege management. An attacker with administrator privileges can delete other administrators by directly accessing the API endpoint...

PT-2025-12097 · Unknown · Automatic1111/Stable-Diffusion-Webui

Name of the Vulnerable Software and Affected Versions: automatic1111/stable-diffusion-webui version 1.10.0 Description: A Cross-Site WebSocket Hijacking CSWSH vulnerability allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability is due to a lack of...

PT-2025-12173 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version 0.3.8 Description: An arbitrary file write vulnerability exists in the download model endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file...