CVE-2026-45387 Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage)

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may...

CVE-2026-45387 Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage)

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may...

EUVD-2020-3083

Malware in sbrugna...

CVE-2025-54412

A flaw was found in skops. An inconsistency in OperatorFuncNode can hide the execution of untrusted operator methods when a specially crafted model file is loaded. This issue allows arbitrary code execution at load time...

CVE-2025-54412 skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution

skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke...

MISP - Malware Information Sharing Platform and Threat Sharing

The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of the information by Network Intrusion Detection System NIDS, LIDS but also log analysi...