Lucene search
+L

4991 matches found

NVD
NVD
added 2026/05/13 7:17 p.m.14 views

CVE-2026-0261

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...

8.6CVSS0.01403EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Hermes Web UI 路径遍历漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.44 contained a path traversal vulnerability. This vulnerability stemmed from path traversal within the session import endpoint, which could allow authentication attacke...

6.5CVSS5.9AI score0.00376EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/11 2:25 p.m.16 views

Authorization Bypass Through User-Controlled Key

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the memories API endpoints. An attacker can access, delete, restore, and view the contents of other users' data by sending crafted requests to endpoints suc...

8.3CVSS5.8AI score0.00294EPSS
Exploits1References2
OSV
OSV
added 2026/05/11 2:2 p.m.30 views

GHSA-6XCP-7MPR-M7WM Open WebUI has a CORS misconfiguration and session validation issue

GitHub Security Lab GHSL Vulnerability Report, open-webui: GHSL-2024-174, GHSL-2024-175 The GitHub Security Lab team has identified potential security vulnerabilities in open-webui. We are committed to working with you to help resolve these issues. In this report you will find everything you need...

8.3CVSS6.6AI score0.00281EPSS
Exploits1References2
Circl
Circl
added 2026/05/10 7:56 p.m.13 views

CVE-2026-45402

creationtimestamp| type| source ---|---|--- 2026-05-10 19:56:26+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-r472-mw7m-967f...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References1
Circl
Circl
added 2026/05/10 7:37 p.m.10 views

CVE-2026-45399

creationtimestamp| type| source ---|---|--- 2026-05-10 19:37:29+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-8jjp-r2w2-4v22...

7.1CVSS5.8AI score0.0027EPSS
Exploits1References1
Circl
Circl
added 2026/05/10 7:31 p.m.11 views

CVE-2026-45387

creationtimestamp| type| source ---|---|--- 2026-05-10 19:31:55+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-h2cw-7qw9-56xr...

4.3CVSS5.8AI score0.0022EPSS
Exploits1References1
Circl
Circl
added 2026/05/10 11:15 a.m.9 views

CVE-2026-45365

creationtimestamp| type| source ---|---|--- 2026-05-10 11:15:24+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-v6qf-75pr-p96m...

5.4CVSS5.8AI score0.00193EPSS
Exploits1References1
Circl
Circl
added 2026/05/09 11:30 p.m.12 views

CVE-2026-45350

creationtimestamp| type| source ---|---|--- 2026-05-09 23:30:56+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-4pcg-253r-rf9w...

7.1CVSS5.8AI score0.0026EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/09 7:19 p.m.7 views

CVE-2026-42571 Privilege Escalation Attack affecting Pelican Web UI

Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a a privilege escalation vulnerability affecting Pelican's Web User Interface WebUI. This attack allows any user...

9CVSS5.7AI score0.0032EPSS
Exploits0References2
CVE
CVE
added 2026/05/09 7:19 p.m.22 views

CVE-2026-42571

Pelican Web UI privilege escalation affects multiple series (7.21.x before 7.21.5, 7.22.x before 7.22.3, 7.23.x before 7.23.3, 7.24.x before 7.24.2). An authenticated WebUI user via OAuth can gain admin privileges under certain configurations. Patches are available in 7.21.5, 7.22.3, 7.23.3, and ...

9CVSS5.7AI score0.0032EPSS
Exploits0References2
Circl
Circl
added 2026/05/09 8:3 a.m.13 views

CVE-2026-45317

creationtimestamp| type| source ---|---|--- 2026-05-09 08:03:05+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-j6w6-986j-2m2m...

4.6CVSS5.8AI score0.00165EPSS
Exploits1References1
Circl
Circl
added 2026/05/09 8:2 a.m.12 views

CVE-2026-45318

creationtimestamp| type| source ---|---|--- 2026-05-09 08:02:58+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-hcwp-82g6-8wxc...

5.4CVSS5.8AI score0.00209EPSS
Exploits1References1
Circl
Circl
added 2026/05/09 8:2 a.m.11 views

CVE-2026-45316

creationtimestamp| type| source ---|---|--- 2026-05-09 08:02:53+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-jx2x-j75f-xq3j...

3.5CVSS5.8AI score0.00218EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/08 10:33 p.m.11 views

CVE-2026-7946

An insufficient policy enforcement flaw was found in the WebUI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496016840...

8.7CVSS5.7AI score0.00199EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/05/08 10:21 p.m.5 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44568 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44568 Source advisory: OSV:GHSA-FQ3V-XJJX-95RC...

4.8CVSS5.7AI score0.0017EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/08 8:3 p.m.5 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44560 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44560 Source advisory: OSV:GHSA-H36F-RQPX-J5WX...

6.5CVSS5.7AI score0.00366EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/08 8:1 p.m.7 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44561 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44561 Source advisory: OSV:GHSA-HMGR-67HW-J2CQ...

5.4CVSS5.7AI score0.00178EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/05/08 8:1 p.m.14 views

Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

Deactivated Channel Members Retain Full Access to Group/DM Channels Affected Component Channel membership authorization check: - backend/openwebui/models/channels.py lines 663-673, isuserchannelmember - Used at 15 locations in backend/openwebui/routers/channels.py Affected Versions Current main...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/08 8:0 p.m.7 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44564 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44564 Source advisory: OSV:GHSA-VRFH-RJ4Q-RMHR...

5.4CVSS5.7AI score0.0022EPSS
Exploits1
Rows per page
Query Builder