3 matches found
CVE-2026-59212 Open WebUI: Model meta.knowledge read-only file access can be upgraded to file write/delete
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, verifyknowledgefileaccess only checked read access while file write and delete routes later trusted object-derived access through writable model meta.knowledge entries, allowing a user...
CVE-2026-59212
Open WebUI vulnerability CVE-2026-59212 affects the Open WebUI platform. From version 0.9.6 up to, but not including, 0.10.0, verify_knowledge_file_access only checked read access; write and delete routes were later trusted via writable model.meta.knowledge entries. This allowed a user with read-...
Potential Unintended Data Exposure for Resource Exposed by Spring Data REST
Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.6.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes...