9 matches found
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained security vulnerabilities. These vulnerabilities stemmed from the chat completion API, where tool IDs and server parameters were provided by users witho...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained security vulnerabilities. These vulnerabilities stemmed from the lack of access control checks when deleting files from the knowledge base, which could...
PT-2026-28381
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.6 Description Open WebUI is a self-hosted artificial intelligence platform designed for offline operation. A flaw exists in the speech-to-text transcription endpoint where an unsanitized filename field allows a...
Nextcloud Tables 安全漏洞
Nextcloud Tables is a table application from Nextcloud Open Source. A security vulnerability exists in Nextcloud Tables versions prior to 0.8.6 and prior to 0.9.3, which stems from a malicious user being able to move columns to the victim table, potentially leading to data tampering...
CVE-2005-10004
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
CVE-2005-10004 Cacti graph_view.php RCE via graph_start Parameter Injection
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
GHSA-34WJ-P5JM-2P96 Improper Restriction of XML External Entity Reference in python-docx
python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted document...
DEBIAN-CVE-2020-10749
A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle MitM attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or...
PYSEC-2016-21
python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted document...