CVE-2026-28786 Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

CVE-2021-4471 TG8 Firewall Unauthenticated User Password Disclosure

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading...

CVE-2021-4471 TG8 Firewall Unauthenticated User Password Disclosure

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading...

PT-2025-47022

Name of the Vulnerable Software and Affected Versions TG8 Firewall affected versions not specified Description The TG8 Firewall exposes a directory, such as /data/, over HTTP without authentication. This directory contains credential files for previously logged-in users. A remote, unauthenticated...