2898 matches found

OSV
added 2026/01/23 4:16 a.m., 2 views

CVE-2026-0766

Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8 CVSS, 6.3 AI score
Exploits 0, References 1
CVE
added 2026/01/23 3:28 a.m., 9 views

CVE-2026-0767

Technical details for CVE-2026-0767 are not publicly available in the provided documents. Monitor for updates.

6.5 CVSS, 5.5 AI score, 0.00019 EPSS
Exploits 1, References 1, Affected Software 1
Vulnrichment
added 2026/01/23 3:28 a.m., 2 views

CVE-2026-0767 Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability

Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw...

5.3 CVSS, 5.5 AI score, 0.00019 EPSS
Exploits 1, References 1
Cvelist
added 2026/01/23 3:28 a.m., 28 views

CVE-2026-0767 Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability

Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw...

5.3 CVSS, 0.00019 EPSS
Exploits 1, References 1
ATTACKERKB
added 2026/01/23 3:28 a.m., 4 views

CVE-2026-0767

Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw...

6.5 CVSS, 5.3 AI score, 0.00019 EPSS
Exploits 1, References 2, Affected Software 1
ATTACKERKB
added 2026/01/23 3:28 a.m., 1 views

CVE-2026-0766

Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8 CVSS, 6.3 AI score, 0.00225 EPSS
Exploits 1, References 2, Affected Software 1
CVE
added 2026/01/23 3:28 a.m., 18 views

CVE-2026-0766

Open WebUI contains a vulnerability in load_tool_module_by_id that allows remote code execution via command injection. The flaw comes from insufficient validation of a user-supplied string before it is used to execute Python code, enabling an attacker to run arbitrary code in the service account’...

8.8 CVSS, 6.5 AI score, 0.00225 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2026/01/23 3:28 a.m., 27 views

CVE-2026-0766 Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability

Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8 CVSS, 0.00225 EPSS
Exploits 1, References 1
Vulnrichment
added 2026/01/23 3:28 a.m., 3 views

CVE-2026-0766 Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability

Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8 CVSS, 6.5 AI score, 0.00225 EPSS
Exploits 1, References 1
Vulnrichment
added 2026/01/23 3:28 a.m., 3 views

CVE-2026-0765 Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability

Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists...

8.8 CVSS, 6.5 AI score, 0.00225 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/01/23 3:28 a.m., 2 views

CVE-2026-0765

Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists...

8.8 CVSS, 6.3 AI score, 0.00225 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2026/01/23 3:28 a.m., 26 views

CVE-2026-0765 Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability

Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists...

8.8 CVSS, 0.00225 EPSS
Exploits 0, References 1
CNNVD
added 2026/01/23 12:0 a.m., 3 views

Open WebUI: Operating System Command Injection Vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Open WebUI has a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation for the strings provided by users in the...

8.8 CVSS, 7.6 AI score, 0.00225 EPSS
Exploits 0, References 1
CNNVD
added 2026/01/23 12:0 a.m., 2 views

Open WebUI Code Injection Vulnerability

Open WebUI is an open-source, scalable, feature-rich, and user-friendly self-hosted WebUI. Open WebUI has a code injection vulnerability, which stems from the lack of validation for the string provided by users in the load_tool_module_by_id function. This vulnerability may lead to code injection and...

8.8 CVSS, 7.6 AI score, 0.00225 EPSS
Exploits 1, References 1
CNNVD
added 2026/01/23 12:0 a.m., 3 views

Open WebUI security vulnerabilities

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Open WebUI has a security vulnerability that stems from transmitting sensitive information in plaintext when handling credentials, which may lead to information leakage...

6.5 CVSS, 6.4 AI score, 0.00019 EPSS
Exploits 1, References 1
Wolfi
added 2026/01/22 7:48 p.m., 5 views

CVE-2026-23949 vulnerabilities

Vulnerabilities for packages: semgrep, pypy-3.11, mlflow, emissary, open-webui, superset, tensorflow-cpu-jupyter, py3-cassandra-medusa, datadog-agent, dask-kubernetes, kubeflow-jupyter-web-app, kubeflow-katib, py3-setuptools, airflow, pypy-3.10, kserve...

8.6 CVSS, 5.1 AI score, 0.00101 EPSS
Exploits 1
RedhatCVE
added 2026/01/21 8:22 p.m., 3 views

CVE-2026-0622

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

6.5 CVSS, 5.4 AI score, 0.0005 EPSS
Exploits 0, References 1
Wolfi
added 2026/01/21 7:48 p.m., 3 views

GHSA-58PV-8J8X-9VJ2 vulnerabilities

Vulnerabilities for packages: semgrep, pypy-3.11, mlflow, emissary, open-webui, superset, tensorflow-cpu-jupyter, py3-cassandra-medusa, datadog-agent, dask-kubernetes, kubeflow-jupyter-web-app, kubeflow-katib, py3-setuptools, airflow, pypy-3.10, kserve...

5.2 AI score
Exploits 0
Chainguard
added 2026/01/21 7:17 p.m., 2 views

GHSA-58PV-8J8X-9VJ2 vulnerabilities

Vulnerabilities for packages: authentik-fips, dask-kubernetes, text-generation-inference, duplicity, spamcheck, mlflow, py3-cassandra-medusa, localstack, authentik, tensorflow-cpu-jupyter, py3.9-setuptools, kserve, open-webui, datadog-agent-fips, airflow, ansible-operator-fips, py3-setuptools,...

5.2 AI score
Exploits 0
NVD
added 2026/01/20 8:16 p.m., 4 views

CVE-2026-0622

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

6.5 CVSS, 0.0005 EPSS
Exploits 0, References 4