Lucene search
K

4976 matches found

vulnersOsv
vulnersOsv
added 2026/05/14 8:18 p.m.6 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45331 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45331 Source advisory: OSV:GHSA-4V7R-F4W8-8972...

8.5CVSS7.2AI score0.00286EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:18 p.m.6 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45331 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45331 Source advisory: SNYK:PYTHON-OPENWEBUI-16735448...

8.5CVSS7.2AI score0.00286EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:18 p.m.6 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45317 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45317 Source advisory: SNYK:PYTHON-OPENWEBUI-16755218...

4.6CVSS5.7AI score0.00165EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:18 p.m.7 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45316 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45316 Source advisory: SNYK:PYTHON-OPENWEBUI-16725014...

3.5CVSS5.7AI score0.00218EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:18 p.m.6 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45316 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45316 Source advisory: OSV:GHSA-JX2X-J75F-XQ3J...

3.5CVSS5.7AI score0.00218EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:18 p.m.8 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45314 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45314 Source advisory: SNYK:PYTHON-OPENWEBUI-16725449...

7.4CVSS6.3AI score0.00212EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/05/14 8:17 p.m.10 views

Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions

Summary The audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serves these files via FileResponse, which sets Content-Type from the on-disk extension and emits no...

8.7CVSS6.2AI score0.0018EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/14 8:16 p.m.8 views

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-45303 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-45303 Source advisory: OSV:GHSA-4VRC-M9CH-6M3R...

7.7CVSS5.8AI score0.00217EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:15 p.m.9 views

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-45299 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-45299 Source advisory: OSV:GHSA-6GH2-Q7CP-9QF6...

5.4CVSS5.8AI score0.00199EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/14 4:8 p.m.7 views

CVE-2026-20210 Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to reda...

5.4CVSS5.8AI score0.00194EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.20 views

PT-2026-41179

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description An issue exists where a user can continue the conversation of another user if the target user's Chat ID is known. This occurs because the system fails to verify if the Chat ID matches the user who...

7.1CVSS5.8AI score0.00231EPSS
Exploits1References6
NVD
NVD
added 2026/05/13 7:17 p.m.12 views

CVE-2026-0261

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...

8.6CVSS0.01336EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Hermes Web UI 路径遍历漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.44 contained a path traversal vulnerability. This vulnerability stemmed from path traversal within the session import endpoint, which could allow authentication attacke...

6.5CVSS5.9AI score0.00376EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/11 2:25 p.m.14 views

Authorization Bypass Through User-Controlled Key

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the memories API endpoints. An attacker can access, delete, restore, and view the contents of other users' data by sending crafted requests to endpoints suc...

8.3CVSS5.8AI score0.00294EPSS
Exploits1References2
OSV
OSV
added 2026/05/11 2:2 p.m.30 views

GHSA-6XCP-7MPR-M7WM Open WebUI has a CORS misconfiguration and session validation issue

GitHub Security Lab GHSL Vulnerability Report, open-webui: GHSL-2024-174, GHSL-2024-175 The GitHub Security Lab team has identified potential security vulnerabilities in open-webui. We are committed to working with you to help resolve these issues. In this report you will find everything you need...

8.3CVSS6.6AI score
Exploits0References2
Circl
Circl
added 2026/05/10 7:56 p.m.13 views

CVE-2026-45402

creationtimestamp| type| source ---|---|--- 2026-05-10 19:56:26+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-r472-mw7m-967f...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References1
Circl
Circl
added 2026/05/10 7:37 p.m.9 views

CVE-2026-45399

creationtimestamp| type| source ---|---|--- 2026-05-10 19:37:29+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-8jjp-r2w2-4v22...

7.1CVSS5.8AI score0.0027EPSS
Exploits1References1
Circl
Circl
added 2026/05/10 7:31 p.m.10 views

CVE-2026-45387

creationtimestamp| type| source ---|---|--- 2026-05-10 19:31:55+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-h2cw-7qw9-56xr...

4.3CVSS5.8AI score0.0022EPSS
Exploits1References1
Circl
Circl
added 2026/05/10 11:15 a.m.9 views

CVE-2026-45365

creationtimestamp| type| source ---|---|--- 2026-05-10 11:15:24+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-v6qf-75pr-p96m...

5.4CVSS5.8AI score0.00193EPSS
Exploits1References1
Circl
Circl
added 2026/05/09 11:30 p.m.12 views

CVE-2026-45350

creationtimestamp| type| source ---|---|--- 2026-05-09 23:30:56+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-4pcg-253r-rf9w...

7.1CVSS5.8AI score0.0026EPSS
Exploits1References1
Rows per page
Query Builder