4976 matches found
OPENSUSE-SU-2026:11128-1 agama-web-ui-22+143.ee15dea20-46.1 on GA media
These are all security issues fixed in the agama-web-ui-22+143.ee15dea20-46.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2026-37516
Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication...
GHSA-JM82-FX9C-MX94 vulnerabilities
Vulnerabilities for packages: nemo, open-webui...
CVE-2026-54531 vulnerabilities
Vulnerabilities for packages: open-webui...
GO-2026-5632 Pelican Web UI Affected by a Privilege Escalation Attack in github.com/pelicanplatform/pelican
Pelican Web UI Affected by a Privilege Escalation Attack in github.com/pelicanplatform/pelican...
Oracle Linux 9 : pcs (ELSA-2026-19167)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19167 advisory. 0.11.11-2.el98.1 - Fixed CVE-2026-4800 by updating pcs-web-ui to 0.1.24.3 Resolves: RHEL-164206 Tenable has extracted the preceding description block directly...
CVE-2026-54014
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache...
CVE-2026-54014 Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache...
CVE-2026-11372 IBM TRIRIGA Cross-Site Scripting Vulnerability
IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2026-54017 Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured termin...
Cisco Catalyst SD-WAN Manager Arbitrary File Write (cisco-sa-sdwan-arbfw-c2rZvQ)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem o...
GHSA-CJ93-CHG6-VGV8 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-248M-82V9-Q6G6 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-6VGG-XHVH-38FF nebula-mesh: POST /api/v1/hosts/{id}/mobile-bundle response lacks Cache-Control: no-store
internal/api/mobilebundle.go:62-66 sets only Content-Type: application/yaml. The Web-UI sibling at internal/web/handlers.go:1316-1321 sets Cache-Control: no-store, Pragma: no-cache, Expires: 0, X-Content-Type-Options: nosniff — and has a test asserting it. The API path was missed. Affected All...
nebula-mesh: POST /api/v1/hosts/{id}/mobile-bundle response lacks Cache-Control: no-store
internal/api/mobilebundle.go:62-66 sets only Content-Type: application/yaml. The Web-UI sibling at internal/web/handlers.go:1316-1321 sets Cache-Control: no-store, Pragma: no-cache, Expires: 0, X-Content-Type-Options: nosniff — and has a test asserting it. The API path was missed. Affected All...
CVE-2026-54022
creationtimestamp| type| source ---|---|--- 2026-06-11 19:14:16+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-8788-j68r-3cgh...
CVE-2026-54019
creationtimestamp| type| source ---|---|--- 2026-06-11 19:09:52+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-p5cp-r7rg-qpxc...
CVE-2026-54016
creationtimestamp| type| source ---|---|--- 2026-06-11 19:06:16+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-cx9v-4qj2-jrw6...
CVE-2026-54015
creationtimestamp| type| source ---|---|--- 2026-06-11 19:05:34+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-4r4w-2wgp-w7cj...
CVE-2026-54014
creationtimestamp| type| source ---|---|--- 2026-06-11 19:04:46+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-j2c8-v969-8r5c...