Lucene search
+L

36 matches found

Vulnrichment
Vulnrichment
added 2026/05/17 11:30 a.m.9 views

CVE-2026-8751 h2oai h2o-3 JAR Model.java importBinaryModel deserialization

A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization. The attack is possible to be carried out remotely. The...

7.5CVSS6.7AI score0.00409EPSS
Exploits0References4
NVD
NVD
added 2026/05/15 8:16 p.m.35 views

CVE-2026-44562

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.modelsimport permission to overwrite any existing model in the database, regardless of ownership. When an...

6.5CVSS0.0029EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/15 7:30 p.m.8 views

CVE-2026-44562 Open WebUI: Model Import Overwrites Any Model Without Ownership Check

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.modelsimport permission to overwrite any existing model in the database, regardless of ownership. When an...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 7:30 p.m.51 views

CVE-2026-44562 Open WebUI: Model Import Overwrites Any Model Without Ownership Check

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.modelsimport permission to overwrite any existing model in the database, regardless of ownership. When an...

6.5CVSS0.0029EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 7:30 p.m.23 views

EUVD-2026-30613

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.modelsimport permission to overwrite any existing model in the database, regardless of ownership. When an...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:30 p.m.12 views

CVE-2026-44562

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.modelsimport permission to overwrite any existing model in the database, regardless of ownership. When an...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/15 7:30 p.m.25 views

CVE-2026-44562

Open WebUI vulnerability CVE-2026-44562 affects the model import flow. Before version 0.9.0, POST /api/v1/models/import allowed users with workspace.models_import to overwrite any existing model without ownership checks, merging the attacker payload into the target model when IDs match, and bypas...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/15 7:30 p.m.3 views

CVE-2026-44562 Open WebUI: Model Import Overwrites Any Model Without Ownership Check

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.modelsimport permission to overwrite any existing model in the database, regardless of ownership. When an...

6.5CVSS6AI score0.0029EPSS
Exploits1References3
OSV
OSV
added 2026/05/08 7:52 p.m.8 views

GHSA-MQQ6-CQCX-38VG Open WebUI's Model Import Overwrites Any Model Without Ownership Check

Model Import Overwrites Any Model Without Ownership Check Affected Component Model import endpoint: - backend/openwebui/routers/models.py lines 254-308, importmodels Affected Versions Current main branch commit 6fdd19bf1 and likely all versions with model import functionality. Description The POS...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/08 7:52 p.m.9 views

Open WebUI's Model Import Overwrites Any Model Without Ownership Check

Model Import Overwrites Any Model Without Ownership Check Affected Component Model import endpoint: - backend/openwebui/routers/models.py lines 254-308, importmodels Affected Versions Current main branch commit 6fdd19bf1 and likely all versions with model import functionality. Description The POS...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.17 views

PT-2026-39272

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Open WebUI supports model composition through the base model id variable, allowing a user-defined model to reference a base model for inference. An access control flaw exists where the system...

7.6CVSS6.2AI score0.00248EPSS
Exploits1References11
CVE
CVE
added 2026/02/02 8:14 p.m.29 views

CVE-2026-1778

SageMaker Python SDK (before v3.1.1 or v2.256.0) disables TLS certificate verification in the Triton Python backend during model import, allowing HTTPS requests to succeed with invalid/self-signed certificates. Affected versions: SDK <3.1.1 and

8.2CVSS5.4AI score0.00244EPSS
Exploits0References4
OSV
OSV
added 2026/02/02 8:14 p.m.6 views

CVE-2026-1778 TLS disabled by default in select aws/sagemaker-python-sdk configurations

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

8.2CVSS6AI score0.00244EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/12/16 6:7 p.m.9 views

WordPress WP3D Model Import Viewer plugin <= 1.0.7 - Authenticated (Contributor+) Arbitrary File Upload vulnerability

Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin WP3D Model Import Viewer versions = 1.0.7...

8.8CVSS6.8AI score0.00441EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/13 6:30 p.m.5 views

EUVD-2025-203227

The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handleimportfile function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Author-level access and above, to...

8.8CVSS6.8AI score0.00441EPSS
Exploits0References3
NVD
NVD
added 2025/12/13 4:16 p.m.6 views

CVE-2025-13094

The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handleimportfile function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Author-level access and above, to...

8.8CVSS0.00441EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/13 4:31 a.m.36 views

CVE-2025-13094 WP3D Model Import Viewer <= 1.0.7 - Authenticated (Contributor+) Arbitrary File Upload

The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handleimportfile function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Author-level access and above, to...

8.8CVSS0.00441EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/13 4:31 a.m.3 views

CVE-2025-13094 WP3D Model Import Viewer <= 1.0.7 - Authenticated (Contributor+) Arbitrary File Upload

The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handleimportfile function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Author-level access and above, to...

8.8CVSS7AI score0.00441EPSS
Exploits0References2
CVE
CVE
added 2025/12/13 4:31 a.m.18 views

CVE-2025-13094

CVE-2025-13094 affects the WordPress plugin WP3D Model Import Viewer, specifically versions

8.8CVSS7AI score0.00441EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.5 views

PT-2025-51062

Name of the Vulnerable Software and Affected Versions WP3D Model Import Viewer plugin for WordPress versions through 1.0.7 Description The WP3D Model Import Viewer plugin for WordPress is susceptible to arbitrary file uploads. This is due to a lack of file type validation within the handle import...

8.8CVSS7.4AI score0.00441EPSS
Exploits0References7
Rows per page
Query Builder