11 matches found
PT-2026-41192
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An information disclosure issue exists where the 'GET /api/v1/retrieval/' endpoint returns live RAG Retrieval-Augmented Generation pipeline configuration to any unauthenticated HTTP client. No...
EUVD-2025-31386
Malicious code in bioql PyPI...
CVE-2025-11046
A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-11046 Tencent WeKnora test testEmbeddingModel server-side request forgery
A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-11046 Tencent WeKnora test testEmbeddingModel server-side request forgery
A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...
Information Exposure
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Information Exposure due to the embedding model update feature under admin settings. An attacker can expose sensitive information by observing error messages that vary based on the file's existence and...
CVE-2024-7038
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existenc...
CVE-2024-7038
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existenc...
CVE-2024-7038 Information Disclosure in open-webui/open-webui
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existenc...
CVE-2024-7038
CVE-2024-7038 describes an information disclosure in open-webui v0.3.8 where the embedding model update feature under admin settings reveals different error messages based on file existence/configuration. This enables an attacker to enumerate file names and traverse directories, exposing sensitiv...
PT-2024-38040 · Unknown · Open-Webui
Name of the Vulnerable Software and Affected Versions: open-webui version 0.3.8 Description: An information disclosure issue exists related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different...