Lucene search
K

13 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-59227

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.11 before 0.10.0, POST /api/v1/images/edit required only a verified account and did not enforce the global image-edit switch or the per-user image-generation permission, allowing a non-admin user to...

5.4CVSS0.00259EPSS
Exploits1References4
OSV
OSV
added 6 days ago3 views

CVE-2026-59227 Open WebUI: POST /api/v1/images/edit bypasses the global image-edit switch and the per-user image-generation permission

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.11 before 0.10.0, POST /api/v1/images/edit required only a verified account and did not enforce the global image-edit switch or the per-user image-generation permission, allowing a non-admin user to...

4.3CVSS6.1AI score0.00259EPSS
Exploits1References6
CVE
CVE
added 6 days ago8 views

CVE-2026-59227

Vulnerability summary: CVE-2026-59227 affects Open WebUI prior to 0.10.0. Affected endpoint: POST /api/v1/images/edit. The issue allowed a non-admin user with a verified account to bypass the global image-edit switch and per-user image-generation permissions, enabling server-side image editing wi...

5.4CVSS6AI score0.00259EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/07/07 4:51 p.m.8 views

GHSA-JGX9-JR5X-MVPV Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality

Summary There is a blind server side request forgery in the functionality that allows editing an image via a prompt. The affected function will perform a GET request on the URL provided by the user. There is no restriction on the domain of the provided URL allowing the local address space to be...

4.3CVSS5.9AI score0.00227EPSS
Exploits1References3
CVE
CVE
added 2026/04/14 1:39 a.m.23 views

CVE-2026-34225

Open WebUI vulnerability CVE-2026-34225 affects the Open WebUI self-hosted AI platform (offline). Versions ≤ 0.7.2 expose a Blind Server Side Request Forgery in the image-edit workflow: a GET request to a user-supplied URL with no domain restrictions, enabling access to the local address space. B...

4.3CVSS5.7AI score0.00227EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-32582

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.7.3 Description Open WebUI contains a Blind Server Side Request Forgery SSRF in the functionality used to edit an image via a prompt. The affected function performs a GET request to a user-provided URL without...

4.3CVSS5.9AI score0.00227EPSS
Exploits1References7
NVD
NVD
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50894

VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the imgid parameter. Attackers can send GET requests to editgalleryimage.php with malicious imgid values to extract database...

7.1CVSS0.00417EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:1 p.m.4 views

Malicious code in sp-image-edit (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSV
OSV
added 2024/06/25 1:1 p.m.7 views

MAL-2024-3036 Malicious code in sp-image-edit (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
Packet Storm
Packet Storm
added 2023/08/09 12:0 a.m.282 views

Dexx CMS HTML And Site Builder 2.2.3 XSS / Arbitrary File Upload

==================================================================================================================================== | Title : Dexx CMS - HTML and Site Builder V2.2.3 Remote File Upload vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

7.1AI score
Exploits0
CNNVD
CNNVD
added 2022/10/18 12:0 a.m.6 views

Billing System Project 代码问题漏洞

Billing System Project is a billing system project by Mayuri K. Individual developer. A security vulnerability exists in Billing System Project v1.0, which stems from an arbitrary file upload vulnerability found in component /phpaction/editProductImage. An attacker can exploit this vulnerability ...

7.2CVSS7.5AI score0.01034EPSS
Exploits1References2
0day.today
0day.today
added 2014/06/27 12:0 a.m.25 views

Wordpress Plugin Maxgalleria Lite Wordpress Post Title Edit Vulnerbility

This material allows an attacker to change any post name while the wordpress is having the vulnerable plugin Usage Info Follow the POC Title : Wordpress Plugin Maxgalleria lite wordpress Post Title Edit Vulnerbility Author : Aloulou Date : 25/06/2014 Facebook : facebook.com/Aloulou.TN Email:...

7AI score
Exploits0
CERT
CERT
added 2000/10/31 12:0 a.m.54 views

Wang/Kodak Image Edit ActiveX control

Overview Description The Image Edit control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Edit control is one of several controls used to provide image editting services through a web site. Because the...

10CVSS6.2AI score0.24429EPSS
Exploits0References2
Rows per page
Query Builder