6 matches found

CVE
added 2026/05/15 7:40 p.m., 19 views

CVE-2026-44560

Open WebUI (self-hosted offline AI platform) contains a vector-search access control flaw in the RAG retrieval path. In get_sources_from_items, non-full-context file/text collection paths can query the vector store without authorization, enabling extraction of content from files and knowledge bas...

CVSS 6.5, AI score 5.8, EPSS 0.00033
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2026/05/15 7:40 p.m., 25 views

CVE-2026-44560 Open WebUI: Unauthorized File and Knowledge Base Content Access via RAG Vector Search

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" non-full-context, type: "text" with collection_name, and bare collection_name/collection_names paths in the get_sources_from_items function perform vector store queries...

CVSS 6.5, EPSS 0.00033
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2023-1375

Malicious code in bioql PyPI...

CVSS 8.2, AI score 8.1, EPSS 0.00152
Exploits: 1, References: 6
RedHat Linux
added 2023/08/15 5:37 p.m., 4 views

modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass

A vulnerability was found in ModSecurity. This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass...

CVSS 7.5, AI score 6.6, EPSS 0.00145
Exploits: 0, References: 4
OSV
added 2023/01/20 7:15 p.m., 1 views

AZL-44475 CVE-2023-24021 affecting package mod_security for versions less than 2.9.7-8

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection...

CVSS 7.5, AI score 7, EPSS 0.00145
Exploits: 0, References: 1
OSV
added 2023/01/20 7:15 p.m., 0 views

UBUNTU-CVE-2023-24021

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection...

CVSS 7.5, AI score 7.1, EPSS 0.00145
Exploits: 0, References: 7