7 matches found

Cvelist
added 2026/05/15 8:34 p.m. | 45 views

CVE-2026-45397 Open WebUI: Unauthenticated RAG Configuration Disclosure

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on...

CVSS 5.3 | EPSS 0.0072
Exploits: 1 | References: 1

CNNVD
added 2026/05/15 12:0 a.m. | 11 views

Open WebUI Security Vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly open source self-hosted WebUI. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object reference vulnerabilities in the channel functionality. The...

CVSS 4.3 | AI score 5.8 | EPSS 0.00204
Exploits: 1 | References: 2

CNNVD
added 2026/05/15 12:0 a.m. | 14 views

Open WebUI Code Issue Vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.5 had code issues and vulnerabilities, which were caused by parsing differences between the urlparse and requests libraries, leading to SSRF bypasses...

CVSS 8.5 | AI score 5.9 | EPSS 0.00292
Exploits: 1 | References: 1

CNNVD
added 2026/05/15 12:0 a.m. | 8 views

Open WebUI Security Vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly open source self-hosted WebUI. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from multiple endpoints accepting file IDs provided by users without verifying ownership,...

CVSS 8.1 | AI score 5.8 | EPSS 0.00346
Exploits: 1 | References: 2

Tenable Nessus
added 2026/05/15 12:0 a.m. | 14 views

Open WebUI < 0.9.5 Multiple Vulnerabilities

The version of Open WebUI running on the remote host is prior to 0.9.5. It is, therefore, affected by multiple vulnerabilities: - An insecure direct object reference (IDOR) vulnerability in the retrieval API allows any authenticated user who knows a private knowledge base UUID to bypass access...

CVSS 8.5 | AI score 5.9 | EPSS 0.00331
Exploits: 2 | References: 4

CNNVD
added 2023/09/21 12:0 a.m. | 3 views

Quinn Input Validation Error Vulnerability

Quinn is a pure Rust, asynchronous-compliant implementation of the IETF QUIC transport protocol from the quinn-rs open source project. An input validation error vulnerability exists in quinn-proto that stems from a Denial of Service (DoS) that occurs when an unknown frame is received in a QUIC packet...

CVSS 7.5 | AI score 6.7 | EPSS 0.0076
Exploits: 0 | References: 5

CNNVD
added 2021/07/26 12:0 a.m. | 6 views

isula-build Security Vulnerability

isula-build is an open source container image build tool from the iSula Container Team that supports fast container image building via Dockerfiles. A security vulnerability exists in isula-build prior to 0.9.5-8. When building container images, some functions used...

CVSS 7.5 | AI score 7.3 | EPSS 0.00961
Exploits: 0 | References: 2