2898 matches found
EUVD-2026-11145
A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaaportalauthlocalsubmit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...
CVE-2025-15603
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUI_SECRET_KEY leads to insufficiently random values. It is possible to launch the attack...
EUVD-2025-208452
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUI_SECRET_KEY leads to insufficiently random values. It is possible to launch the attack...
CVE-2025-15603 open-webui JWT Key start_windows.bat random values
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUI_SECRET_KEY leads to insufficiently random values. It is possible to launch the attack...
CVE-2025-15603
The CVE affects open-webui up to 0.6.16, specifically the JWT Key Handler’s file backend/start_windows.bat. Manipulating the WEBUI_SECRET_KEY can produce insufficiently random values, enabling a remote attack. Exploitability is rated high complexity with no authentication required; impact shown a...
Open WebUI security feature issue vulnerability
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI with open-source code. Versions of Open WebUI prior to 0.6.16 have a security vulnerability related to the parameter WEBUI_SECRET_KEY, where insufficient randomness was present in the handling of this parameter...
GHSA-2G6R-C272-W58R vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-F2V5-7JQ9-H8CG vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-28351 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-F2V5-7JQ9-H8CG vulnerabilities
Vulnerabilities for packages: litellm, nemo, open-webui...
CVE-2026-25136
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessa...
CVE-2026-27628 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-25138
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...
CVE-2026-25733
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Custom Rules function of the WebUI where...
CVE-2026-25736 Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Custom RSE Attribute of the WebUI where...
CVE-2026-25735
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Identity Name of the WebUI where...
CVE-2026-25735
Rucio WebUI Identity Name contains a stored XSS vulnerability. Attacker-supplied input is persisted and later rendered without proper output encoding, enabling arbitrary JavaScript execution in the WebUI for affected users. This can potentially lead to session token theft or unauthorized actions....
CVE-2026-25735 Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability in its Identity Name
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Identity Name of the WebUI where...