Lucene search
K

7 matches found

Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-59213 Open WebUI: Cross-user model-list exposure via static cache key in get_all_models (aiocache key= vs key_builder= misuse)

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

3.5CVSS0.00273EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-59213

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

3.5CVSS6AI score0.00273EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/05/17 1:16 p.m.20 views

CVE-2026-8755

A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function getallmodels of the file hiyoriUI.py of the component Model Handler. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has be...

7.5CVSS0.00611EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:45 p.m.6 views

CVE-2026-8755

A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function getallmodels of the file hiyoriUI.py of the component Model Handler. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has be...

7.5CVSS6.7AI score0.00611EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 12:45 p.m.42 views

CVE-2026-8755 fishaudio Bert-VITS2 Model hiyoriUI.py _get_all_models path traversal

A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function getallmodels of the file hiyoriUI.py of the component Model Handler. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has be...

7.5CVSS0.00611EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.15 views

Bert-VITS2 路径遍历漏洞

Bert-VITS2 is a core text-to-speech model developed by Fish Audio. Bert-VITS2 has a path traversal vulnerability, which stems from the getallmodels function in the hiyoriUI.py file within the Model Handler component. Attackers could potentially exploit this vulnerability remotely...

7.5CVSS7.1AI score0.00611EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.18 views

PT-2026-41566

Name of the Vulnerable Software and Affected Versions fishaudio Bert-VITS2 versions prior to 8f7fbd8c4770965225d258db548da27dc8dd934c Description A path traversal flaw exists in the Model Handler component, specifically within the get all models function of the hiyoriUI.py file. This issue allows...

7.5CVSS7.2AI score0.00611EPSS
Exploits0References6
Rows per page
Query Builder