Lucene search
K

7 matches found

Snyk
Snyk
added 2026/05/11 2:5 p.m.8 views

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the updatemessagebyid process. An attacker can modify messages authored by other users by sending a request to the message update endpoint with only read permissions in a standard...

7.1CVSS5.8AI score0.00277EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/27 3:35 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the querycollectionhandler function. An attacker can access other users' private documents, metadata, and personal memories by submitting crafted requests t...

4.3CVSS5.9AI score0.00253EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/27 3:29 p.m.2 views

Information Exposure

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Information Exposure via the POST /api/v1/audio/transcriptions endpoint. An attacker can obtain sensitive server filesystem path information by submitting a crafted multipart request with a malicious filename...

5.3CVSS5.9AI score0.00427EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.5 views

PT-2026-28381

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.6 Description Open WebUI is a self-hosted artificial intelligence platform designed for offline operation. A flaw exists in the speech-to-text transcription endpoint where an unsanitized filename field allows a...

4.3CVSS5.8AI score0.00427EPSS
Exploits1References6
Nextcloud
Nextcloud
added 2025/12/05 7:55 a.m.12 views

Missing ownership check in Tables app allows moving columns into tables of other users

None...

6.3CVSS5.2AI score0.00214EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2025/08/07 8:52 p.m.2 views

Interpretation Conflict

Overview uv is an An extremely fast Python package and project manager, written in Rust. Affected versions of this package are vulnerable to Interpretation Conflict via improper handling of ZIP archives during the installation process. An attacker can cause malicious code to be executed by crafti...

6.8CVSS6.8AI score0.00196EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.5 views

PT-2023-8928 · Fluid · Fluid

Name of the Vulnerable Software and Affected Versions: Fluid versions 0.7.0 through 0.8.5 Description: The issue is related to improper authorization in Fluid, an open-source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. If a malicious user...

7.8CVSS7.3AI score0.00236EPSS
Exploits0References12
Rows per page
Query Builder