Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.10 views

CVE-2026-45666

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/noteid endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. Th...

6.5CVSS5.8AI score0.00277EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 9:31 p.m.15 views

EUVD-2026-30662

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profileimageurl values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves...

7.4CVSS6AI score0.00212EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 9:28 p.m.6 views

CVE-2026-45318

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his advisory tracks a regression of the original Excel-preview XSS CVE-2026-44549. The same root cause — XLSX.utils.sheettohtml output rendered via @html excelHtml without DOMPurify ...

7.3CVSS5.8AI score0.00318EPSS
Exploits2References2Affected Software1
EUVD
EUVD
added 2026/05/15 7:54 p.m.20 views

EUVD-2026-30615

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSIONPOOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...

8.1CVSS5.7AI score0.00284EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:39 p.m.7 views

CVE-2026-26193

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, aanually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts...

7.3CVSS5.5AI score0.00198EPSS
Exploits1References1
Rows per page
Query Builder