CVE-2024-3911 Welotec: Clickjacking Vulnerability in WebUI

An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames...

CVE-2024-3911 Welotec: Clickjacking Vulnerability in WebUI

An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames...

Security Bypass

chrome is vulnerable to Security Bypass. The vulnerability is due to insufficient policy enforcement in WebUI within Google Chrome, allows a remote attacker to bypass content security policy via a crafted HTML page...

Chromium: CVE-2024-3847 Insufficient policy enforcement in WebUI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

KLA65692 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An...

CVE-2024-3847

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

CVE-2024-3847

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

CVE-2024-3847

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

CVE-2024-3847

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

CVE-2024-30256

Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117...

CVE-2024-30256 Open WebUI vulnerable to server-side request forgery in utils.py

Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117...

CVE-2024-30256 Open WebUI vulnerable to server-side request forgery in utils.py

Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117...

CVE-2024-30256 Open WebUI vulnerable to server-side request forgery in utils.py

Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117...

CVE-2024-30256

CVE-2024-30256 affects Open WebUI prior to version 0.1.117. The vulnerability is an authenticated blind server-side request forgery (SSRF) in the backend, specifically in the function download_file_stream() inside Open WebUI’s backend/apps/web/routers/utils.py, exploitable via the url parameter. ...

CVE-2024-1569

parisneo/lollms-webui is vulnerable to a denial of service DoS attack due to uncontrolled resource consumption. Attackers can exploit the /opencodeinvscode and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...

CVE-2024-1601

An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...

CVE-2024-1601

An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...

CVE-2024-1569

parisneo/lollms-webui is vulnerable to a denial of service DoS attack due to uncontrolled resource consumption. Attackers can exploit the /opencodeinvscode and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...

CVE-2024-1601 SQL Injection in parisneo/lollms-webui

An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...

CVE-2024-1601 SQL Injection in parisneo/lollms-webui

An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...