9864 matches found
2026-04 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 (KB5084070)
2026-04 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 KB5084070...
2026-04 .NET 10.0.6 Security Update for ARM64 Client (KB5086095)
2026-04 .NET 10.0.6 Security Update for ARM64 Client KB5086095...
2026-04 Dynamic Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5082200)
2026-04 Dynamic Cumulative Update for Windows 10 Version 21H2 for x64-based Systems KB5082200...
2026-04 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 (KB5084066)
2026-04 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 KB5084066...
2026-04 .NET 9.0.15 Security Update for x64 Client (KB5086097)
2026-04 .NET 9.0.15 Security Update for x64 Client KB5086097...
2026-04 .NET 10.0.6 Security Update for x64 Server (KB5086095)
2026-04 .NET 10.0.6 Security Update for x64 Server KB5086095...
2026-04 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5082123)
2026-04 Cumulative Update for Windows 10 Version 1809 for x86-based Systems KB5082123...
CVE-2026-6106
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/staticheadersmiddleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting...
Exploit for Command Injection in Paloaltonetworks Pan-Os
CVE KB: A high-quality knowledge base for automatic penetratio...
CVE-2026-28788
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a...
EUVD-2026-16484
Open WebUI has unauthorized deletion of knowledge files...
GHSA-26GM-93RW-CCHF Open WebUI has unauthorized deletion of knowledge files
Summary An access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin, but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from...
Open WebUI has unauthorized deletion of knowledge files
Summary An access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin, but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from...
EUVD-2026-16482
Open WebUI's processfilesbatch endpoint missing ownership check, allows unauthorized file overwrite...
Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite
Summary Any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via GET /api/v1/knowledge/id/files a...
GHSA-JJP7-G2JW-WH3J Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite
Summary Any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via GET /api/v1/knowledge/id/files a...
CVE-2026-28788
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a...
CVE-2026-29070
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin,...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained security vulnerabilities. These vulnerabilities stemmed from the lack of access control checks when deleting files from the knowledge base, which could...
CVE-2026-29070 Open WebUI has unauthorized deletion of knowledge files
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin,...