Lucene search
+L

1380 matches found

ptsecurity
ptsecurity
added 2024/10/04 12:0 a.m.10 views

PT-2025-12199

Name of the Vulnerable Software and Affected Versions open-webui version 0.3.8 Description An endpoint for converting Markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of...

7.5CVSS7.1AI score0.00811EPSS
Exploits1References24
packetstorm
packetstorm
added 2024/08/08 12:0 a.m.642 views

Open WebUI 0.1.105 File Upload / Path Traversal

KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal Title: Open WebUI Arbitrary File Upload + Path Traversal Advisory ID: KL-001-2024-006 Publication Date: 2024.08.D06 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt 1. Vulnerability Details Affected...

8.8CVSS7.1AI score0.01003EPSS
Exploits3
zdt
zdt
added 2024/08/08 12:0 a.m.340 views

Open WebUI 0.1.105 File Upload / Path Traversal Vulnerabilities

Title: Open WebUI Arbitrary File Upload + Path Traversal Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt 1. Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-22:...

8.8CVSS8.8AI score0.01003EPSS
Exploits3
packetstorm
packetstorm
added 2024/08/08 12:0 a.m.585 views

Open WebUI 0.1.105 Persistent Cross Site Scripting

KL-001-2024-005: Open WebUI Stored Cross-Site Scripting Title: Open WebUI Stored Cross-Site Scripting Advisory ID: KL-001-2024-005 Publication Date: 2024.08.06 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt 1. Vulnerability Details Affected Vendor: Open WebUI...

6.3CVSS7.1AI score0.00657EPSS
Exploits3
zdt
zdt
added 2024/08/08 12:0 a.m.214 views

Open WebUI 0.1.105 Persistent Cross Site Scripting Vulnerability

Title: Open WebUI Stored Cross-Site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt 1. Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-79: Improper...

6.1CVSS7AI score0.00657EPSS
Exploits3
vulnrichment
vulnrichment
added 2024/08/07 11:4 p.m.37 views

CVE-2024-6707 Open WebUI Arbitrary File Upload + Path Traversal

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability...

7AI score0.01003EPSS
Exploits3References1
vulnrichment
vulnrichment
added 2024/08/07 11:1 p.m.18 views

CVE-2024-6706 Open WebUI Stored Cross-Site Scripting

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...

6.9AI score0.00657EPSS
Exploits3References1
cvelist
cvelist
added 2024/08/07 11:1 p.m.43 views

CVE-2024-6706 Open WebUI Stored Cross-Site Scripting

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page...

0.00657EPSS
Exploits3References1
korelogic
korelogic
added 2024/08/07 12:0 a.m.72 views

Open WebUI Arbitrary File Upload + Path Traversal

Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', CWE-434: Unrestricted Upload of File with Dangerous Type CVE ID:...

8.8CVSS7.8AI score0.01003EPSS
Exploits3Affected Software1
cnnvd
cnnvd
added 2024/08/07 12:0 a.m.8 views

Open WebUI 路径遍历漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A security vulnerability exists in Open WebUI version 0.1.105, which stems from vulnerability to a path traversal attack, where an attacker can upload a controlled file to an arbitrary location...

8.8CVSS8.7AI score0.01003EPSS
Exploits3References3
korelogic
korelogic
added 2024/08/07 12:0 a.m.52 views

Open WebUI Stored Cross-Site Scripting

Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVE ID: CVE-2024-6706 2. Vulnerability Description Attackers...

6.3CVSS7AI score0.00657EPSS
Exploits3Affected Software1
ptsecurity
ptsecurity
added 2024/06/11 12:0 a.m.20 views

PT-2026-39283

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.1.124 Description An improper authorization control exists where the API fails to validate if a user possesses an authorized role of user or admin. When the platform is configured to allow new sign-ups, new...

7.5CVSS5.8AI score0.0023EPSS
Exploits1References12
bdu_fstec
bdu_fstec
added 2024/05/20 12:0 a.m.4 views

The vulnerability of the download_file_stream() function (backend/apps/web/routers/utils.py) in the AI-based web interface Open WebUI (previously Ollama WebUI) allows a attacker to perform an SSRF attack.

The vulnerability of the downloadfilestream function located in backend/apps/web/routers/utils.py of the Open WebUI formerly Ollama WebUI AI-based web interface is related to the manipulation of requests on the server-side during the processing of the url parameter. Exploiting this vulnerability...

7.5CVSS5.5AI score0.00412EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2024/04/16 3:15 p.m.11 views

CVE-2024-30256

Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117...

6.4CVSS6.2AI score0.00412EPSS
Exploits1References2
cve
cve
added 2024/04/16 2:24 p.m.66 views

CVE-2024-30256

CVE-2024-30256 affects Open WebUI prior to version 0.1.117. The vulnerability is an authenticated blind server-side request forgery (SSRF) in the backend, specifically in the function download_file_stream() inside Open WebUI’s backend/apps/web/routers/utils.py, exploitable via the url parameter. ...

6.4CVSS6.5AI score0.00412EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2024/04/16 2:24 p.m.16 views

CVE-2024-30256 Open WebUI vulnerable to server-side request forgery in utils.py

Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117...

6.4CVSS6.6AI score0.00412EPSS
Exploits1References2
osv
osv
added 2024/04/16 2:24 p.m.8 views

CVE-2024-30256 Open WebUI vulnerable to server-side request forgery in utils.py

Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117...

6.4CVSS6.7AI score0.00412EPSS
Exploits1References4
cvelist
cvelist
added 2024/04/16 2:24 p.m.23 views

CVE-2024-30256 Open WebUI vulnerable to server-side request forgery in utils.py

Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117...

6.4CVSS6.4AI score0.00412EPSS
Exploits1References2
cnnvd
cnnvd
added 2024/04/16 12:0 a.m.6 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. A security vulnerability exists in Open WebUI versions prior to 0.1.117, which stems from vulnerability to authenticated blind server-side request forgery attacks...

6.4CVSS6.6AI score0.00412EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2024/03/18 12:0 a.m.10 views

PT-2024-3607 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.1.117 Description: The issue is related to an authenticated blind server-side request forgery vulnerability. It involves the download file stream function in the backend/apps/web/routers/utils.py file of the Ope...

7.5CVSS6.4AI score0.00412EPSS
Exploits1References10
Rows per page
Query Builder