
7 matches found

OSV
added 2026/05/14 8:26 p.m., 3 views

GHSA-H2CW-7QW9-56XR Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage)

Summary: When setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may consider their system prompt confidential, so we consider this a security issue. Compare...

4.3 CVSS, 5.8 AI score, 0.00026 EPSS
Exploits 1, References 4
CNNVD
added 2026/01/22 12:00 a.m., 2 views

Ruijie AP180 Series Operating System Command Injection Vulnerability

The Ruijie AP180 Series is a series of panel-type wireless access points produced by the Chinese company Ruijie. Previous versions of the Ruijie AP180 Series, including those with model number 11.94B1P8, had a vulnerability related to operating system command injection. This vulnerability stems...

8.6 CVSS, 7.3 AI score, 0.0009 EPSS
Exploits 0, References 2
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-6902

Malicious code in bioql PyPI...

8.2 CVSS, 8.2 AI score, 0.00237 EPSS
Exploits 1, References 4
RedhatCVE
added 2025/03/22 11:26 a.m., 9 views

CVE-2024-8616

In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

8.2 CVSS, 6.9 AI score, 0.00237 EPSS
Exploits 1, References 1
Github Security Blog
added 2025/03/20 12:32 p.m., 15 views

H2O Vulnerable to Arbitrary File Overwrite

In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

8.2 CVSS, 6.9 AI score, 0.00237 EPSS
Exploits 1, References 4, Affected Software 2
OSV
added 2025/03/20 10:15 a.m., 3 views

CVE-2024-8616

In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

8.2 CVSS, 5.9 AI score
Exploits 0, References 1
Cvelist
added 2025/03/20 10:10 a.m., 11 views

CVE-2024-8616 Arbitrary File Overwrite in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

8.2 CVSS, 0.00237 EPSS
Exploits 1, References 1