7 matches found
CVE-2026-45397 Open WebUI: Unauthenticated RAG Configuration Disclosure
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object reference vulnerabilities in the channel functionality. The...
Open WebUI 代码问题漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.5 had code issues and vulnerabilities, which were caused by parsing differences between the urlparse and requests libraries, leading to SSRF bypasses...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from multiple endpoints accepting file IDs provided by users without verifying ownership,...
Open WebUI < 0.9.5 Multiple Vulnerabilities
The version of Open WebUI running on the remote host is prior to 0.9.5. It is, therefore, affected by multiple vulnerabilities: - An insecure direct object reference IDOR vulnerability in the retrieval API allows any authenticated user who knows a private knowledge base UUID to bypass access...
Quinn Input Validation Error Vulnerability
Quinn is a pure Rust, asynchronous-compliant implementation of the IETF QUIC transport protocol from the quinn-rs open source. An input validation error vulnerability exists in quinn-proto that stems from a Denial of Service DoS that occurs when an unknown frame is received in a QUIC packet...
isula-build 安全漏洞
isula-build is an open source iSula Container Team Container image build tool from iSula Container Team that supports fast container image building via Dockerfile files. Isula-build A security vulnerability exists in Isula-build prior to 0.9.5-8 When building container images, some functions used...