2 matches found
CVE-2026-45338
Open WebUI CVE-2026-45338 describes an SSRF in _process_picture_url() (oauth.py) where the server fetches URLs from OAuth picture claims without validate_url(), enabling requests to internal resources and exfiltration of the full response. Affected software before the fix: Open WebUI prior to ver...
CVE-2025-54854
When a BIG-IP APM OAuth access profile Resource Server or Resource Client is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...