Lucene search
K

552 matches found

Nuclei
Nuclei
added yesterday21 views

Open WebUI 'LDAP Empty Password' - Authentication Bypass

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...

9.1CVSS7AI score0.01461EPSS
Exploits1References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42727

A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pullparser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public an...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References8
NVD
NVD
added 5 days ago7 views

CVE-2026-59715

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.16 before 0.10.0, the Socket.IO server is configured with alwaysconnect=True. The ydoc:awareness:update and ydoc:document:leave Socket.IO handlers accepted collaborative-document events without requirin...

6.5CVSS0.00222EPSS
Exploits1References4
NVD
NVD
added 5 days ago7 views

CVE-2026-59219

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS0.00259EPSS
Exploits1References3
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-59223 Open WebUI: `WEB_FETCH_FILTER_LIST` host allow/block filter bypassable via URL path and non-label-boundary matching

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEBFETCHFILTERLIST matching compared configured host entries against URL strings and non-label-boundary suffixes, allowing path-based blocklist bypasses such as !internal.example.com in a URL pa...

4.3CVSS0.00223EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-59216 Open WebUI: Cross-user code-interpreter and tool execution via unvalidated Socket.IO event-caller session_id

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, geteventcall delivered execute:python and execute:tool Socket.IO events to a client-supplied sessionid after checking only that the session was connected, allowing authenticated users who learne...

7.7CVSS0.00276EPSS
Exploits0References4
NVD
NVD
added 5 days ago8 views

CVE-2026-15184

A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwgnextentity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument nextobj results in null pointer dereference. The attack must be initiated from a local...

4.8CVSS0.00118EPSS
Exploits0References9
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-42580

A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwgbmp of the file src/dwg.c of the component BMP Image Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the...

5.3CVSS5.9AI score0.00133EPSS
Exploits0References10
EUVD
EUVD
added last week11 views

EUVD-2026-22188

Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality...

4.3CVSS5.9AI score0.00227EPSS
Exploits1References2
CVE
CVE
added 2026/07/06 10:30 p.m.12 views

CVE-2026-53640

CVE-2026-53640 (FOSSBilling) affects the FOSSBilling project prior to version 0.8.0, where low-privileged staff could read sensitive data via admin API endpoints that lack proper authorization checks on read operations. The issue contrasts with write endpoints that have fine-grained permissions, ...

2.3CVSS6AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-56039

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.6 through 0.7.2 Description When a ClientPasswordReset record already exists for a client from a previous unexpired request, subsequent calls to the reset password guest API endpoint reuse the existing token instead of...

7.7CVSS6AI score0.00215EPSS
Exploits1References5
EUVD
EUVD
added 2026/07/04 5:58 p.m.9 views

EUVD-2026-41687

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

5.9AI score0.00172EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

UBUNTU-CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3CVSS5.7AI score0.00284EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 5:33 a.m.8 views

EUVD-2026-38655

The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.8AI score0.00135EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 12:49 a.m.16 views

EUVD-2026-38641

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 2:25 p.m.36 views

CVE-2026-27604 FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

10CVSS0.00408EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 9:9 p.m.31 views

CVE-2026-54017 Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured termin...

7.7CVSS0.00349EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2024-55627

Unauthenticated Cross Site Scripting XSS in my flatonica = 0.0.8 versions...

7.1CVSS5.1AI score0.00241EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36789

Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request...

5.2AI score0.00326EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.12 views

CVE-2026-50882

An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS0.00324EPSS
Exploits0References1
Rows per page
Query Builder