
7 matches found

RedhatCVE
• added 2025/12/05 9:34 p.m. • 4 views

CVE-2025-65959

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing...

8.7 CVSS, 6.7 AI score, 0.00028 EPSS
Exploits: 1, References: 1
EUVD
• added 2025/12/04 10:3 p.m. • 1 views

EUVD-2025-201264

Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web...

8.5 CVSS, 6.5 AI score, 0.00041 EPSS
Exploits: 1, References: 4
Snyk
• added 2025/12/04 10:3 p.m. • 3 views

Server-side Request Forgery (SSRF)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /api/v1/retrieval/process/web endpoint. An attacker can access internal network resources, cloud metadata endpoints, and sensitive information by submitting crafted...

8.5 CVSS, 6.6 AI score, 0.00041 EPSS
Exploits: 1, References: 2
Cvelist
• added 2025/12/04 8:46 p.m. • 20 views

CVE-2025-65959 Open WebUI vulnerable to Stored DOM XSS via Note 'Download PDF'

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing...

8.7 CVSS, 0.00028 EPSS
Exploits: 1, References: 2
CVE
• added 2025/12/04 7:55 p.m. • 11 views

CVE-2025-65958

Open WebUI (self-hosted offline AI platform) is affected by a Server-Side Request Forgery (SSRF) in the /api/v1/retrieval/process/web endpoint. The vulnerability allows any authenticated user to force the server to fetch arbitrary URLs, enabling access to internal/cloud metadata endpoints (e.g., ...

8.5 CVSS, 6.5 AI score, 0.00041 EPSS
Exploits: 1, References: 2, Affected Software: 1
Positive Technologies
• added 2025/12/04 12:0 a.m. • 3 views

PT-2025-49146

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.6.37. Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A Stored Cross-Site Scripting (XSS) issue was identified in the Notes PDF download functionality. ...

8.7 CVSS, 5.7 AI score, 0.00028 EPSS
Exploits: 1, References: 12
CNNVD
• added 2025/12/04 12:0 a.m. • 1 views

Open WebUI code issue vulnerability

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A code issue vulnerability exists in versions of Open WebUI prior to 0.6.37 that stems from server-side request forgery and could lead to access to internal networks and services...

8.5 CVSS, 6.7 AI score, 0.00041 EPSS
Exploits: 1, References: 2