6 matches found

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-6949

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.8, EPSS 0.00401
Exploits: 1, References: 3

RedhatCVE
added 2025/03/22 1:18 p.m., 9 views

CVE-2024-7045

In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve all prompt...

CVSS 4.3, AI score 7.2, EPSS 0.00401
Exploits: 1, References: 1

Snyk
added 2025/03/20 12:32 p.m., 3 views

Insufficient Isolation of System-Dependent Functions

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Insufficient Isolation of System-Dependent Functions due to improper access control on the /api/v1/prompts/ and /api/v1/prompts/command/commandid interfaces. An attacker can view and retrieve prompt informati...

CVSS 5.3, AI score 6.8, EPSS 0.00401
Exploits: 1, References: 2

Github Security Blog
added 2025/03/20 12:32 p.m., 12 views

Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read

In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve all prompt...

CVSS 4.3, AI score 6.8, EPSS 0.00401
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2025/03/20 10:15 a.m., 3 views

CVE-2024-7045

In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve all prompt...

CVSS 4.3, AI score 7.1
Exploits: 0, References: 1

CVE
added 2025/03/20 10:10 a.m., 80 views

CVE-2024-7045

In open-webui/open-webui v0.3.8, an improper access-control vulnerability allows attackers to read prompts via unauthenticated/admin verification by calling /api/v1/prompts/ to retrieve admin-created prompt data (including IDs) and then /api/v1/prompts/command/{command_id} for additional prompt i...

CVSS 4.3, AI score 4.9, EPSS 0.00401
Exploits: 1, References: 1, Affected Software: 1