CVE-2026-45339

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When an API key is restricted from /api/v1/messages, requests using the Authorization: Bearer sk-...

CVE-2021-41191

Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @requireapikey in BOT/lib/cogs/website.p...

Palo Alto Networks PAN-OS 4.1.x < 4.1.16 / 5.0.x < 5.0.10 / 5.1.x < 5.1.5 API Key Bypass Flaw

The remote host is running a version of Palo Alto Networks PAN-OS prior to 4.1.16 / 5.0.10 / 5.1.5. It is, therefore, affected by an API key bypass flaw which allows a remote attacker to bypass the XML API key for a session that has already been authorized. Note that Nessus has not tested for thi...

Management API Key Bypass

An XML API key can be bypassed if a session has been authorized. This can be used in a CSRF or XSS attack. Ref 58976...