7 matches found
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the updatemessagebyid process. An attacker can modify messages authored by other users by sending a request to the message update endpoint with only read permissions in a standard...
Authorization Bypass Through User-Controlled Key
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the querycollectionhandler function. An attacker can access other users' private documents, metadata, and personal memories by submitting crafted requests t...
Information Exposure
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Information Exposure via the POST /api/v1/audio/transcriptions endpoint. An attacker can obtain sensitive server filesystem path information by submitting a crafted multipart request with a malicious filename...
PT-2026-28381
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.6 Description Open WebUI is a self-hosted artificial intelligence platform designed for offline operation. A flaw exists in the speech-to-text transcription endpoint where an unsanitized filename field allows a...
Missing ownership check in Tables app allows moving columns into tables of other users
None...
Interpretation Conflict
Overview uv is an An extremely fast Python package and project manager, written in Rust. Affected versions of this package are vulnerable to Interpretation Conflict via improper handling of ZIP archives during the installation process. An attacker can cause malicious code to be executed by crafti...
PT-2023-8928 · Fluid · Fluid
Name of the Vulnerable Software and Affected Versions: Fluid versions 0.7.0 through 0.8.5 Description: The issue is related to improper authorization in Fluid, an open-source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. If a malicious user...