5 matches found
GHSA-9MVC-8737-8J8H vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2025-31965
Improper access restrictions in HCL BigFix Remote Control Server WebUI versions 10.1.0.0248 and lower allow non-admin users to view unauthorized information on certain web pages...
CVE-2025-49835
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py openasr function. asrinpdir and a number of other variables takes user input, which is passed to the openasr function, which concatenates the...
Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read
In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve all prompt...
LifeSize Room 5.0.9 - Multiple Vulnerabilities
Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware, many similar very bugs in the WebUI exist and thier support...