Lucene search
K

9 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-59212

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, verifyknowledgefileaccess only checked read access while file write and delete routes later trusted object-derived access through writable model meta.knowledge entries, allowing a user...

5.4CVSS0.00308EPSS
Exploits1References4
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42634

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, verifyknowledgefileaccess only checked read access while file write and delete routes later trusted object-derived access through writable model meta.knowledge entries, allowing a user...

5.4CVSS6AI score0.00308EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/29 12:31 a.m.7 views

EUVD-2026-40006

A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.uploadfile/FileHandler.removefile of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation leads to path traversal. The attack can be executed remotely...

6.5CVSS6.1AI score0.00294EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/28 10:0 p.m.31 views

CVE-2026-13509 RAGapp Knowledge File files.py FileHandler.remove_file path traversal

A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.uploadfile/FileHandler.removefile of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation leads to path traversal. The attack can be executed remotely...

6.5CVSS0.00294EPSS
Exploits0References7
OSV
OSV
added 2026/06/28 10:0 p.m.3 views

CVE-2026-13509 RAGapp Knowledge File files.py FileHandler.remove_file path traversal

A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.uploadfile/FileHandler.removefile of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation leads to path traversal. The attack can be executed remotely...

5.3CVSS6AI score0.00294EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53165

Name of the Vulnerable Software and Affected Versions RAGapp versions prior to 0.1.6 Description A path traversal issue exists in the Knowledge File Handler component. This flaw allows remote attackers to manipulate files via the FileHandler.upload file and FileHandler.remove file functions locat...

6.5CVSS6.6AI score0.00294EPSS
Exploits0References12
OSV
OSV
added 2026/06/17 2:31 p.m.7 views

GHSA-CX9V-4QJ2-JRW6 Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration

Summary Open WebUI has a Broken Object Level Authorization BOLA vulnerability in the builtin searchknowledgefiles tool. When native function calling is enabled and the selected model has no attached knowledge bases, an authenticated user can call searchknowledgefiles with an arbitrary knowledgeid...

4.3CVSS5.6AI score0.00226EPSS
Exploits1References2
OSV
OSV
added 2026/03/26 11:39 p.m.4 views

CVE-2026-29070 Open WebUI has unauthorized deletion of knowledge files

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin,...

5.4CVSS5.9AI score0.00252EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

NetEase QAnything 跨站脚本漏洞

NetEase QAnything is a local knowledge base question and answer system from China's NetEase, Inc. that is designed to support files or databases in any format, and can be installed and used offline. A cross-site scripting vulnerability exists in NetEase QAnything. An attacker can exploit this...

6.1CVSS5.8AI score0.00329EPSS
Exploits1References1
Rows per page
Query Builder