
6 matches found

Cvelist
added 2025/05/05 6:50 p.m. · 13 views

CVE-2025-46719 Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain HTML tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...

CVSS 6.4 · EPSS 0.00225
Exploits: 1 · References: 3
CVE
added 2025/05/05 6:50 p.m. · 66 views

CVE-2025-46719

Open WebUI vulnerability CVE-2025-46719 affects versions prior to 0.6.6. A flaw in rendering certain HTML tags in chat messages allows stored cross-site scripting (XSS) in chat transcripts, which are accessible by other users on the same server or via Open WebUI community sharing. In the user’s b...

CVSS 6.4 · AI score 6.5 · EPSS 0.00225
Exploits: 1 · References: 3 · Affected Software: 1
Vulnrichment
added 2025/05/05 6:50 p.m. · 10 views

CVE-2025-46719 Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain HTML tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...

CVSS 6.4 · AI score 6.5 · EPSS 0.00225
Exploits: 1 · References: 3
Positive Technologies
added 2025/05/05 12:0 a.m. · 4 views

PT-2025-19787 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.6.6

Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A vulnerability in the way certain HTML tags in chat messages are rendered allows attackers to...

CVSS 6.4 · AI score 6.3 · EPSS 0.00225
Exploits: 1 · References: 7
SUSE CVE
added 2023/02/15 4:4 a.m. · 1 views

SUSE CVE-2020-1777

Agent names that participate in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions...

CVSS 5.3 · AI score 5.6 · EPSS 0.00237
Exploits: 0 · References: 3
OSV
added 2020/10/15 7:15 p.m. · 0 views

CVE-2020-1777

Agent names that participate in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions...

CVSS 5.3 · AI score 5.8
Exploits: 0 · References: 1