Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/15 8:33 p.m.12 views

CVE-2026-45396 Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS5.9AI score0.00307EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 8:33 p.m.54 views

CVE-2026-45396 Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS0.00307EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:2 a.m.7 views

CVE-2024-21505

Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting...

7.5CVSS6.7AI score0.00712EPSS
Exploits0References1
Snyk
Snyk
added 2024/02/05 10:0 p.m.4 views

Prototype Pollution

Overview web3-utils is a Collection of utility functions used in web3.js. Affected versions of this package are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading ...

7.5CVSS8AI score0.00712EPSS
Exploits0References2
Rows per page
Query Builder