2898 matches found
CVE-2026-27024 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-27026 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-27199 vulnerabilities
Vulnerabilities for packages: localstack, airflow, airflow-core, tensorflow-cpu-jupyter, emissary, kubeflow-pipelines-visualization-server, azure-functions-python-worker, kubeflow-volumes-web-app, mlflow, open-webui, superset, tensorflow-gpu-jupyter, litellm...
GHSA-68RP-WP8R-4726 vulnerabilities
Vulnerabilities for packages: airflow, mitmproxy, airflow-core, emissary, kubeflow-volumes-web-app, mlflow, open-webui...
GHSA-29VQ-49WR-VM6X vulnerabilities
Vulnerabilities for packages: localstack, airflow, airflow-core, tensorflow-cpu-jupyter, emissary, kubeflow-pipelines-visualization-server, azure-functions-python-worker, kubeflow-volumes-web-app, mlflow, open-webui, superset, tensorflow-gpu-jupyter, litellm...
VulnCheck KEV: CVE-2024-6250
An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...
CVE-2026-26193
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, aanually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts...
CVE-2026-26192
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, aanually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...
CVE-2026-26193 Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, aanually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts...
CVE-2026-26193 Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, aanually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts...
CVE-2026-26192
Open WebUI (self-hosted offline) before v0.7.0 allows stored XSS via a crafted document payload by modifying chat history to set html in document metadata; the frontend treats contents as HTML and renders in an iframe during citation preview or shared chat view. Version 0.7.0 fixes the issue. No ...
CVE-2026-26192 Open WebUI vulnerable to Stored XSS via iFrame in citations model
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, aanually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...
CVE-2026-26192 Open WebUI vulnerable to Stored XSS via iFrame in citations model
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, aanually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...
CVE-2026-26192 Open WebUI vulnerable to Stored XSS via iFrame in citations model
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, aanually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...
Open WebUI 跨站脚本漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the possibility of storing cross-site scripting attacks when manual modifications...
Open WebUI 跨站脚本漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.6.44 contained a cross-site scripting vulnerability. This vulnerability arises from the possibility of storing cross-site scripting attacks when manual modifications...
PT-2026-20918
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.44 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Manually modifying chat history allows setting the embeds property on a response message. The...
CVE-2026-26013 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-1094
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...
GitLab 安全漏洞
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Prior to GitLab CE/EE 18.8.4, there was a security vulnerability. This...