Lucene search
K

131 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-59227

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.11 before 0.10.0, POST /api/v1/images/edit required only a verified account and did not enforce the global image-edit switch or the per-user image-generation permission, allowing a non-admin user to...

4.3CVSS6AI score0.00259EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-59227 Open WebUI: POST /api/v1/images/edit bypasses the global image-edit switch and the per-user image-generation permission

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.11 before 0.10.0, POST /api/v1/images/edit required only a verified account and did not enforce the global image-edit switch or the per-user image-generation permission, allowing a non-admin user to...

4.3CVSS0.00259EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56831

Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.8.11 through 0.9.x Description An issue exists where the 'POST /api/v1/images/edit' endpoint only requires a verified account and fails to enforce the global image-edit switch or per-user image-generation permissions. Thi...

5.4CVSS6.1AI score0.00259EPSS
Exploits1References9
EUVD
EUVD
added 2026/07/07 4:51 p.m.12 views

EUVD-2026-22188

Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality...

4.3CVSS5.9AI score0.00227EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/07/01 7:3 p.m.6 views

CVE-2026-55597

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26...

5.5CVSS5.9AI score0.00103EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/07/01 6:58 p.m.6 views

CVE-2026-55594

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and...

5.3CVSS5.8AI score0.00241EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 9:54 p.m.11 views

EUVD-2026-36187

ImageMagick: Policy Bypass can Trigger an Out-of-Memory condition...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in GIMP

A flaw was discovered in GIMP. There is an integer overflow vulnerability when processing ICO image files, specifically in the icoreadinfo and icoreadicon functions. This issue arises because the size calculation for image buffers can exceed the limit due to a 32-bit integer evaluation, allowing...

6.5CVSS7.4AI score0.00838EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 9:50 p.m.10 views

EUVD-2026-36177

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 an...

4.1CVSS5.4AI score0.00109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.12 views

CVE-2026-34225

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided U...

4.3CVSS5.4AI score0.00227EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/19 9:48 p.m.18 views

Important: Red Hat Security Advisory: gimp security update

An update for gimp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.8CVSS7.4AI score0.00755EPSS
Exploits1References7
OSV
OSV
added 2026/04/14 1:39 a.m.4 views

CVE-2026-34225 Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided U...

4.3CVSS5.9AI score0.00227EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/14 1:39 a.m.37 views

CVE-2026-34225 Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided U...

4.3CVSS0.00227EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/14 1:39 a.m.2 views

CVE-2026-34225 Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided U...

4.3CVSS5.7AI score0.00227EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:39 a.m.9 views

CVE-2026-34225

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided U...

4.3CVSS5.7AI score0.00227EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI 0.7.2 and earlier contain security vulnerabilities. These vulnerabilities stem from a feature that allows for image editing through prompts, which enables blind server-side...

4.3CVSS5.8AI score0.00227EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/11 1:16 a.m.6 views

CVE-2026-4154

GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS7.6AI score0.00596EPSS
Exploits0References4
OSV
OSV
added 2026/03/24 10:9 a.m.7 views

RHSA-2026:5436 Red Hat Security Advisory: gimp:2.8 security update

Bulletin has no description...

8.8CVSS7AI score0.01157EPSS
Exploits0References27
RedHat Linux
RedHat Linux
added 2026/03/23 1:3 p.m.5 views

gimp: GIMP: Remote Code Execution via uninitialized memory in PGM file parsing

A flaw was found in GIMP. This uninitialized memory vulnerability allows a remote attacker to execute arbitrary code on affected installations. Successful exploitation requires user interaction, where the target must open a specially crafted PGM Portable Graymap image file. This can lead to...

8.8CVSS7.8AI score0.00972EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/12 2:15 p.m.5 views

EUVD-2026-10397

ImageMagick has heap-based buffer overflow in UHDR encoder...

6.8CVSS6AI score0.00108EPSS
Exploits0References3
Rows per page
Query Builder