Lucene search
K

18 matches found

Cvelist
Cvelist
added 2026/06/23 4:49 p.m.47 views

CVE-2026-54009 Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the...

6.5CVSS0.00225EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/06/17 2:11 p.m.16 views

Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field

summary POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the global file table with no ownership check. An authenticated user can therefore set imageurl.url to another...

6.5CVSS5.3AI score0.00366EPSS
Exploits2References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:20 p.m.8 views

CVE-2026-45349

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just needs to use the API endpoint: /api/chat/completions with their own API key generated in OWUI and the Chat ID of another user to continue the conversation of the other...

7.1CVSS5.8AI score0.00231EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/15 7:20 p.m.17 views

EUVD-2026-30605

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just needs to use the API endpoint: /api/chat/completions with their own API key generated in OWUI and the Chat ID of another user to continue the conversation of the other...

7.1CVSS5.8AI score0.00231EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

Open WebUI 授权问题漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under the open source Open WebUI project. Versions of Open WebUI prior to 0.8.11 had an authorization issue vulnerability. This vulnerability stemmed from the internal bypassfilter parameter being exposed through FastA...

5.4CVSS5.8AI score0.00193EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability for users to continue a conversation with another user through...

7.1CVSS5.8AI score0.00231EPSS
Exploits1References2
OSV
OSV
added 2026/05/14 8:25 p.m.8 views

GHSA-V6QF-75PR-P96M Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED]

Summary An internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated user to append ?bypassfilter=true and bypass model access control checks to invoke admin-restricted models...

5.4CVSS5.9AI score0.00193EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/06 5:23 p.m.10 views

QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0

SSRF Filter Bypass via 0.0.0.0 Summary The SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular non-admin user holding any valid API token can send a multimodal request to /v1/chat/completions,...

7.1CVSS7.2AI score0.00258EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/25 7:7 a.m.14 views

CVE-2025-62426

A vulnerability in vLLM allows an authenticated user to trigger unintended tokenization during chat template processing by supplying crafted chattemplatekwargs to the /v1/chat/completions or /tokenize endpoints. By forcing the server to tokenize very large inputs, an attacker can block the API...

6.5CVSS6.4AI score0.00326EPSS
Exploits0References8
NVD
NVD
added 2025/11/21 2:15 a.m.11 views

CVE-2025-62426

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the...

6.5CVSS0.00326EPSS
Exploits0References5
CVE
CVE
added 2025/11/21 1:21 a.m.19 views

CVE-2025-62426

Summary: CVE-2025-62426 affects vLLM up to versions before 0.11.1. The /v1/chat/completions and /tokenize endpoints accept a chat_template_kwargs parameter that is used before validation, allowing an attacker to block the API server by forcing large tokenization tasks and delaying all other reque...

6.5CVSS6.8AI score0.00326EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/11/21 1:21 a.m.6 views

CVE-2025-62426 vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the...

6.5CVSS7AI score0.00326EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/11/21 1:21 a.m.9 views

CVE-2025-62426 vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the...

6.5CVSS6.8AI score0.00326EPSS
Exploits0References5
Snyk
Snyk
added 2025/07/08 2:44 a.m.3 views

SQL Injection

Overview airda is an airda Affected versions of this package are vulnerable to SQL Injection via the execute function in the /v1/chat/completions file when processing the question argument. An attacker can access or modify sensitive data, or disrupt application functionality by sending crafted...

6.5CVSS7.9AI score0.00248EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.6 views

hitsz-ids airda 注入漏洞

hitsz-ids airda is an open source multi-intelligence for data analytics by China's HITZ Shenzhen Data Security Research Institute hitsz-ids. An injection vulnerability exists in hitsz-ids airda version 0.0.3, which stems from SQL injection due to incorrect manipulation of the parameter question i...

6.5CVSS6.9AI score0.00248EPSS
Exploits0References4
NVD
NVD
added 2025/05/30 7:15 p.m.14 views

CVE-2025-48944

vLLM is an inference and serving engine for large language models LLMs. In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality ...

6.5CVSS0.00449EPSS
Exploits1References2
OSV
OSV
added 2024/09/13 6:31 p.m.4 views

GHSA-G26J-5385-HHW3 LiteLLM Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery SSRF vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the apibase parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by apibase. This request...

8.7CVSS7.2AI score0.37197EPSS
Exploits1References4
OSV
OSV
added 2024/09/13 3:59 p.m.16 views

CVE-2024-6587 SSRF in berriai/litellm

A Server-Side Request Forgery SSRF vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the apibase parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by apibase. This request...

7.5CVSS7.2AI score0.37197EPSS
Exploits1References4
Rows per page
Query Builder