Lucene search
K

9864 matches found

Microsoft Security Update
Microsoft Security Update
added 2026/04/14 5:0 p.m.29 views

2026-04 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 (KB5084070)

2026-04 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 KB5084070...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/04/14 5:0 p.m.13 views

2026-04 .NET 10.0.6 Security Update for ARM64 Client (KB5086095)

2026-04 .NET 10.0.6 Security Update for ARM64 Client KB5086095...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/04/14 5:0 p.m.22 views

2026-04 Dynamic Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5082200)

2026-04 Dynamic Cumulative Update for Windows 10 Version 21H2 for x64-based Systems KB5082200...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/04/14 5:0 p.m.17 views

2026-04 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 (KB5084066)

2026-04 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 KB5084066...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/04/14 5:0 p.m.52 views

2026-04 .NET 9.0.15 Security Update for x64 Client (KB5086097)

2026-04 .NET 9.0.15 Security Update for x64 Client KB5086097...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/04/14 5:0 p.m.10 views

2026-04 .NET 10.0.6 Security Update for x64 Server (KB5086095)

2026-04 .NET 10.0.6 Security Update for x64 Server KB5086095...

5.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2026/04/14 5:0 p.m.9 views

2026-04 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5082123)

2026-04 Cumulative Update for Windows 10 Version 1809 for x86-based Systems KB5082123...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/13 1:22 p.m.4 views

CVE-2026-6106

A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/staticheadersmiddleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting...

5.1CVSS4.3AI score0.00266EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/30 1:39 p.m.894 views

Exploit for Command Injection in Paloaltonetworks Pan-Os

CVE KB: A high-quality knowledge base for automatic penetratio...

10CVSS7AI score0.99999EPSS
Exploits128
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.5 views

CVE-2026-28788

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a...

7.1CVSS5.9AI score0.02858EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 3:35 p.m.3 views

EUVD-2026-16484

Open WebUI has unauthorized deletion of knowledge files...

5.4CVSS5.9AI score0.00252EPSS
Exploits1References3
OSV
OSV
added 2026/03/27 3:35 p.m.1 views

GHSA-26GM-93RW-CCHF Open WebUI has unauthorized deletion of knowledge files

Summary An access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin, but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from...

5.4CVSS6AI score0.00252EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/27 3:35 p.m.6 views

Open WebUI has unauthorized deletion of knowledge files

Summary An access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin, but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from...

8.1CVSS6AI score0.00252EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/27 3:34 p.m.5 views

EUVD-2026-16482

Open WebUI's processfilesbatch endpoint missing ownership check, allows unauthorized file overwrite...

7.1CVSS5.8AI score0.02858EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/27 3:34 p.m.7 views

Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

Summary Any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via GET /api/v1/knowledge/id/files a...

7.1CVSS5.9AI score0.02858EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/27 3:34 p.m.3 views

GHSA-JJP7-G2JW-WH3J Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

Summary Any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via GET /api/v1/knowledge/id/files a...

7.1CVSS5.9AI score0.02858EPSS
Exploits1References4
NVD
NVD
added 2026/03/27 12:16 a.m.4 views

CVE-2026-28788

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a...

7.1CVSS0.02858EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 12:16 a.m.5 views

CVE-2026-29070

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin,...

8.1CVSS0.00252EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.9 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained security vulnerabilities. These vulnerabilities stemmed from the lack of access control checks when deleting files from the knowledge base, which could...

8.1CVSS5.9AI score0.00252EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/26 11:39 p.m.2 views

CVE-2026-29070 Open WebUI has unauthorized deletion of knowledge files

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin,...

5.4CVSS5.9AI score0.00252EPSS
Exploits1References1
Rows per page
Query Builder