Lucene search
K

4976 matches found

CVE
CVE
added 2026/05/15 9:46 p.m.23 views

CVE-2026-45338

Open WebUI CVE-2026-45338 describes an SSRF in _process_picture_url() (oauth.py) where the server fetches URLs from OAuth picture claims without validate_url(), enabling requests to internal resources and exfiltration of the full response. Affected software before the fix: Open WebUI prior to ver...

7.7CVSS6AI score0.00381EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/15 9:3 p.m.40 views

CVE-2026-44569 Open WebUI: Insecure Message Access Breaks Authorization

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability...

7.1CVSS0.00266EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 8:40 p.m.25 views

CVE-2026-45400

CVE-2026-45400 relates to Open WebUI SSRF bypass in validate_url caused by a mismatch between urlparse and requests hostname handling. Before version 0.9.5, URLs like http://127.0.0.1:[email protected] could pass validation because hostname parsing treated the public IP (1.1.1.1) as the target, while ...

8.5CVSS5.8AI score0.00292EPSS
Exploits1References1Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/14 8:28 p.m.8 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45675 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45675 Source advisory: OSV:GHSA-H3WW-Q6XX-W7X3...

8.1CVSS7.2AI score0.00354EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:28 p.m.9 views

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-45672 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-45672 Source advisory: SNYK:PYTHON-OPENWEBUI-16725766...

8.8CVSS5.8AI score0.00406EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/05/14 8:28 p.m.6 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45671 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45671 Source advisory: OSV:GHSA-26G9-27VM-X3Q8...

8CVSS7.1AI score0.0027EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:27 p.m.9 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by unknown CVE via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: SNYK:PYTHON-OPENWEBUI-16725481...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/14 8:27 p.m.5 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45401 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45401 Source advisory: SNYK:PYTHON-OPENWEBUI-16735624...

8.5CVSS7.2AI score0.003EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:27 p.m.6 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45401 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45401 Source advisory: OSV:GHSA-RH5X-H6PP-CJJ6...

8.5CVSS7.2AI score0.003EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:27 p.m.7 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45400 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45400 Source advisory: SNYK:PYTHON-OPENWEBUI-16755281...

8.5CVSS7.2AI score0.00292EPSS
Exploits1
OSV
OSV
added 2026/05/14 8:27 p.m.7 views

GHSA-8W7Q-Q5JP-JVGX Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url`

Summary In the open-webui project, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. Details In the current project, URL validation is performed using the function validateurl. The current checking logic uses urlparse to parse the hostname part ...

8.5CVSS5.9AI score0.00292EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/05/14 8:26 p.m.8 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45399 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45399 Source advisory: OSV:GHSA-8JJP-R2W2-4V22...

7.1CVSS7AI score0.0027EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:26 p.m.6 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45399 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45399 Source advisory: SNYK:PYTHON-OPENWEBUI-16725768...

7.1CVSS7AI score0.0027EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:26 p.m.8 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45397 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45397 Source advisory: OSV:GHSA-65PG-QHHW-MXWG...

5.3CVSS6AI score0.0072EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:26 p.m.8 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45396 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45396 Source advisory: OSV:GHSA-RJMP-VJF2-QF4G...

5.4CVSS6AI score0.00307EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:26 p.m.5 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45395 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45395 Source advisory: SNYK:PYTHON-OPENWEBUI-16735131...

7.2CVSS7AI score0.00437EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:26 p.m.8 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.8 <=0.1.10) +1 more potentially affected by CVE-2026-45387 via open-webui (=0.8.8)

open-webui PYPI version =0.8.8 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - hubzoid =0.2.2, =0.1.8, =0.1.0, =0.1.5 Source cves: CVE-2026-45387 Source advisory: SNYK:PYTHON-OPENWEBUI-16755446...

4.3CVSS5.7AI score0.0022EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:25 p.m.5 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45385 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45385 Source advisory: SNYK:PYTHON-OPENWEBUI-16755173...

4.3CVSS5.7AI score0.00204EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:25 p.m.9 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45385 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45385 Source advisory: OSV:GHSA-WWHQ-CX22-F7VV...

4.3CVSS5.7AI score0.00204EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:24 p.m.5 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45349 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45349 Source advisory: OSV:GHSA-GFM2-XM6C-37QC...

7.1CVSS7AI score0.00231EPSS
Exploits1
Rows per page
Query Builder