4991 matches found
CVE-2026-0261
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...
Hermes Web UI 路径遍历漏洞
Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.44 contained a path traversal vulnerability. This vulnerability stemmed from path traversal within the session import endpoint, which could allow authentication attacke...
Authorization Bypass Through User-Controlled Key
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the memories API endpoints. An attacker can access, delete, restore, and view the contents of other users' data by sending crafted requests to endpoints suc...
GHSA-6XCP-7MPR-M7WM Open WebUI has a CORS misconfiguration and session validation issue
GitHub Security Lab GHSL Vulnerability Report, open-webui: GHSL-2024-174, GHSL-2024-175 The GitHub Security Lab team has identified potential security vulnerabilities in open-webui. We are committed to working with you to help resolve these issues. In this report you will find everything you need...
CVE-2026-45402
creationtimestamp| type| source ---|---|--- 2026-05-10 19:56:26+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-r472-mw7m-967f...
CVE-2026-45399
creationtimestamp| type| source ---|---|--- 2026-05-10 19:37:29+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-8jjp-r2w2-4v22...
CVE-2026-45387
creationtimestamp| type| source ---|---|--- 2026-05-10 19:31:55+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-h2cw-7qw9-56xr...
CVE-2026-45365
creationtimestamp| type| source ---|---|--- 2026-05-10 11:15:24+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-v6qf-75pr-p96m...
CVE-2026-45350
creationtimestamp| type| source ---|---|--- 2026-05-09 23:30:56+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-4pcg-253r-rf9w...
CVE-2026-42571 Privilege Escalation Attack affecting Pelican Web UI
Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a a privilege escalation vulnerability affecting Pelican's Web User Interface WebUI. This attack allows any user...
CVE-2026-42571
Pelican Web UI privilege escalation affects multiple series (7.21.x before 7.21.5, 7.22.x before 7.22.3, 7.23.x before 7.23.3, 7.24.x before 7.24.2). An authenticated WebUI user via OAuth can gain admin privileges under certain configurations. Patches are available in 7.21.5, 7.22.3, 7.23.3, and ...
CVE-2026-45317
creationtimestamp| type| source ---|---|--- 2026-05-09 08:03:05+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-j6w6-986j-2m2m...
CVE-2026-45318
creationtimestamp| type| source ---|---|--- 2026-05-09 08:02:58+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-hcwp-82g6-8wxc...
CVE-2026-45316
creationtimestamp| type| source ---|---|--- 2026-05-09 08:02:53+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-jx2x-j75f-xq3j...
CVE-2026-7946
An insufficient policy enforcement flaw was found in the WebUI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496016840...
hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44568 via open-webui (>=0.6.0 <=0.8.8)
open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44568 Source advisory: OSV:GHSA-FQ3V-XJJX-95RC...
hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44560 via open-webui (>=0.6.0 <=0.8.8)
open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44560 Source advisory: OSV:GHSA-H36F-RQPX-J5WX...
hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44561 via open-webui (>=0.6.0 <=0.8.8)
open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44561 Source advisory: OSV:GHSA-HMGR-67HW-J2CQ...
Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels
Deactivated Channel Members Retain Full Access to Group/DM Channels Affected Component Channel membership authorization check: - backend/openwebui/models/channels.py lines 663-673, isuserchannelmember - Used at 15 locations in backend/openwebui/routers/channels.py Affected Versions Current main...
hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44564 via open-webui (>=0.6.0 <=0.8.8)
open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44564 Source advisory: OSV:GHSA-VRFH-RJ4Q-RMHR...