CVE-2026-44554

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collectionname and an overwrite query parameter default: True. It performs no authorization check on whether t...

EUVD-2026-30622

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collectionname and an overwrite query parameter default: True. It performs no authorization check on whether t...

EUVD-2026-23717

A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function getvectordbdetails of the file superagi/controllers/vectordbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack...

CVE-2026-6582

TransformerOptimus SuperAGI up to 0.0.14: the get_vector_db_details function in superagi/controllers/vector_dbs.py of the Vector Database Management Endpoint is vulnerable to a manipulation that leads to missing authentication. This is a remote-exploit, with a publicly published exploit and confi...