2 matches found
CVE-2026-59222
Open WebUI is a self-hosted AI platform. CVE-2026-59222 affects versions from 0.7.0 up to, but not including, 0.10.0. The vulnerability arises when GET /api/v1/channels/{id}/members returns full UserModelResponse objects for channel members, including settings.ui.toolServers[].key and webhook con...
PT-2026-51020
Name of the Vulnerable Software and Affected Versions Mercator versions prior to 2025.05.19 Description The Query Engine allows authenticated users to execute queries via a JSON DSL Domain Specific Language, which is a specialized language used to define data queries. The controller method...