
20 matches found

NVD
added 2026/05/15 8:16 p.m., 8 views

CVE-2026-44552

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the tool_servers and terminal_servers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database a supported and documented deployment pattern...

CVSS 8.7, EPSS 0.00037
Exploits: 1, References: 1
EUVD
added 2026/05/15 7:57 p.m., 7 views

EUVD-2026-30609

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the tool_servers and terminal_servers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database a supported and documented deployment pattern...

CVSS 8.7, AI score 5.8, EPSS 0.00037
Exploits: 1, References: 1
Vulnrichment
added 2026/05/15 7:57 p.m., 6 views

CVE-2026-44552 Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the tool_servers and terminal_servers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database a supported and documented deployment pattern...

CVSS 8.7, AI score 5.8, EPSS 0.00037
Exploits: 1, References: 1
ATTACKERKB
added 2026/05/15 7:57 p.m., 3 views

CVE-2026-44552

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the tool_servers and terminal_servers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database a supported and documented deployment pattern...

CVSS 8.7, AI score 5.8, EPSS 0.00037
Exploits: 1, References: 2, Affected Software: 1
CNNVD
added 2026/05/15 12:00 a.m., 5 views

Open WebUI Security Vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of prefixes for the tool_servers and terminal_servers keys in the utils/tools.py...

CVSS 8.7, AI score 5.8, EPSS 0.00037
Exploits: 1, References: 2
Snyk
added 2026/05/08 7:44 p.m., 7 views

Exposure of Resource to Wrong Sphere

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the handling of Redis cache keys for tool_servers and terminal_servers when multiple instances share a Redis backend. An attacker can overwrite or inject malicious tool...

CVSS 8.7, AI score 5.8, EPSS 0.00037
Exploits: 1, References: 2
Github Security Blog
added 2026/05/08 7:44 p.m., 6 views

Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning Affected Component Tool server and terminal server Redis cache: - backend/openwebui/utils/tools.py line 841, tool_servers SET - backend/openwebui/utils/tools.py line 850, tool_servers GET ...

CVSS 8.7, AI score 6, EPSS 0.00037
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/05/08 7:44 p.m., 3 views

GHSA-3X8W-4F7P-XXC2 Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning Affected Component Tool server and terminal server Redis cache: - backend/openwebui/utils/tools.py line 841, tool_servers SET - backend/openwebui/utils/tools.py line 850, tool_servers GET ...

CVSS 8.7, AI score 6, EPSS 0.00037
Exploits: 1, References: 3
Positive Technologies
added 2026/05/08 12:00 a.m., 10 views

PT-2026-39269

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Open WebUI fails to apply the REDIS KEY PREFIX to the tool servers and terminal servers keys within the utils/tools.py file. In deployments where multiple instances share a single Redis...

CVSS 8.7, AI score 5.8, EPSS 0.00037
Exploits: 1, References: 6
ThreatPost
added 2019/07/10 9:15 p.m., 124 views

Bug in Anesthesia Respirators Allows Cyber-Tampering

A vulnerability in GE Healthcare’s Aestiva and Aespire anesthesia devices would allow an unauthenticated cybercriminal on the same network as the device to modify gas composition parameters within the devices’ respirator function, thus changing sensor readings for gas density. According to GE...

CVSS 5, AI score 0.8, EPSS 0.00311
Exploits: 0, References: 6
0day.today
added 2018/10/16 12:00 a.m., 52 views

Microsoft Windows - FSCTL_FIND_FILES_BY_SID Information Disclosure Exploit

Exploit for windows platform in category dos / poc Windows: FSCTL_FIND_FILES_BY_SID Information Disclosure Platform: Windows 10 1709, 1803 Class: Information Disclosure / Elevation of Privilege Summary: The FSCTL_FIND_FILES_BY_SID control code doesn’t check for permissions to list a directory leading to...

AI score 8.2, EPSS 0.11723
Exploits: 2
Microsoft CVE
added 2017/06/13 7:00 a.m., 40 views

Microsoft Outlook Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or...

CVSS 9.3, AI score 2.6, EPSS 0.22842
Exploits: 0
Microsoft CVE
added 2017/05/09 7:00 a.m., 104 views

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Office that could be exploited when a user opens a file containing a malformed graphics image or when a user inserts a malformed graphics image into an Office file. Such a file could also be included in an email attachment. An attacker cou...

CVSS 9.3, AI score 2.5, EPSS 0.92301
Exploits: 1
OpenVAS
added 2008/09/24 12:00 a.m., 241 views

Gentoo Security Advisory GLSA 200805-07 (ltsp)

The remote host is missing updates announced in advisory GLSA 200805-07. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS 10, AI score 0.2, EPSS 0.53744
Exploits: 12
securityvulns
added 2008/05/08 12:00 a.m., 59 views

iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability

iDefense Security Advisory 05.07.08 http://labs.idefense.com/intelligence/vulnerabilities/ May 07, 2008 I. BACKGROUND rdesktop is an open source client that speaks the Remote Desktop Protocol RDP. This allows Unix-based users to login to Windows Terminal Servers. More information is available at...

CVSS 9.3, AI score 0.5, EPSS 0.36728
Exploits: 3
OpenVAS
added 2005/11/03 12:00 a.m., 27 views

Microsoft RDP flaws could allow sniffing and DOS(Q324380)

Remote Data Protocol RDP version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, and Remote Data Protocol RDP version 5.1 in Windows ...

CVSS 5, AI score 6.7, EPSS 0.23478
Exploits: 1
Cvelist
added 2002/03/09 5:00 a.m., 19 views

CVE-2001-0540

Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service memory exhaustion via a large number of malformed Remote Desktop Protocol RDP requests to port 3389...

AI score 6.7, EPSS 0.29541
Exploits: 0, References: 3
CVE
added 2002/03/09 5:00 a.m., 74 views

CVE-2001-0540

CVE-2001-0540: Memory leak in Windows NT/2000 Terminal Server processing of malformed RDP requests to port 3389 leads to memory exhaustion and DoS. Affected: Windows NT/2000 Terminal Services. Root cause: memory handling during RDP request processing. Remediation: Microsoft Security Bulletin MS01...

CVSS 5, AI score 7.1, EPSS 0.29541
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2001/10/30 5:00 a.m., 12 views

CVE-2001-0540

Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service memory exhaustion via a large number of malformed Remote Desktop Protocol RDP requests to port 3389...

CVSS 5, AI score 6.7, EPSS 0.29541
Exploits: 0, References: 3
Packet Storm
added 1999/08/17 12:00 a.m., 37 views

annex-DoS.txt

Date: Sun, 26 Jul 1998 18:45:44 +1000 From: Matt Carter Subject: Re: Annex DoS i made a post about some time ago. a simple 'strobe' will bring a bay terminal server crashing to it's knees. i notified bay years ago .. hell lets go something even simpler. 1 x 32k ping packet ever second at a annex...

AI score 7.4
Exploits: 0