
7 matches found

CVE
added 2026/05/15 9:24 p.m. | 23 views

CVE-2026-44571

CVE-2026-44571 concerns the Open WebUI platform. In standard channels, the endpoint POST /api/v1/channels/{channel_id}/messages/{message_id}/update could be invoked with only read permission if access_control is None, allowing unauthorized users to modify other users’ messages. The issue is fixed...

CVSS 6.5 | AI score 5.8 | EPSS 0.00277
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2026/03/27 12:00 a.m. | 9 views

Open WebUI Security Vulnerability

Open WebUI is an open-source, extensible, feature-rich, and user-friendly self-hosted WebUI. Versions of Open WebUI prior to 0.8.6 contained a security vulnerability. This vulnerability stemmed from the lack of ownership checks for the /api/v1/retrieval/process/files/batch endpoint, which cou...

CVSS 7.1 | AI score 5.9 | EPSS 0.02858
Exploits: 1 | References: 1
OSV
added 2026/03/26 11:39 p.m. | 3 views

CVE-2026-29070 Open WebUI has unauthorized deletion of knowledge files

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin,...

CVSS 5.4 | AI score 5.9 | EPSS 0.00252
Exploits: 1 | References: 3
CVE
added 2026/03/26 11:38 p.m. | 10 views

CVE-2026-28788

Open WebUI vulnerability CVE-2026-28788 affects the self-hosted Open WebUI AI platform. Before version 0.8.6, an authenticated user can overwrite any file’s content by ID via POST /api/v1/retrieval/process/files/batch. The endpoint performs no ownership check, enabling a user with read access to ...

CVSS 7.1 | AI score 5.8 | EPSS 0.02858
Exploits: 1 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/12/27 12:00 a.m. | 6 views

PT-2025-53612

Name of the Vulnerable Software and Affected Versions: Libredesk versions prior to 0.8.6-beta

Description: Libredesk is a self-hosted customer support desk application. A stored HTML injection issue exists in the contact notes feature. When adding notes through the POST /api/v1/contacts/id/notes...

CVSS 8.6 | AI score 6.7 | EPSS 0.00193
Exploits: 1 | References: 6
SUSE CVE
added 2023/02/15 4:00 a.m. | 3 views

SUSE CVE-2020-10749

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6 that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or...

CVSS 6 | AI score 8.2 | EPSS 0.02428
Exploits: 1 | References: 11
CNNVD
added 2021/02/08 12:00 a.m. | 3 views

ezXML Buffer Error Vulnerability

ezXML is a C library for parsing XML documents. An out-of-bounds write vulnerability exists in the ezxml_new function in ezXML 0.8.6 and earlier. An attacker can exploit this vulnerability to cause an out-of-bounds write when opening an XML file after the memory pool has been exhausted...

CVSS 8.1 | AI score 7.1 | EPSS 0.01178
Exploits: 1 | References: 6