Lucene search
K
GithubRecent

33255 matches found

Github Security Blog
Github Security Blog
added 2026/05/15 6:25 p.m.19 views

Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`

Summary Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a local .tar.gz that is not recognized as a plugin-format bundle, APM probes whether it is a...

5.5CVSS6.1AI score0.0061EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 6:17 p.m.16 views

AVideo's Meet plugin: `uploadRecordedVideo.json.php` derives `users_id` from the uploaded filename and calls passwordless `User->login()`, allowing any caller with the Meet shared secret to obtain a session as arbitrary users including admin

Summary Type: Authorization-bypass via user-controlled identifier. The Meet plugin's recorded-video upload endpoint plugin/Meet/uploadRecordedVideo.json.php authenticates the caller using a single shared Authorization: Bearer against $objM-secret. Once that check passes, the endpoint reads the...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 6:13 p.m.21 views

arnika is affected by medium-severity issues in UDP rotation, PQC handling, and KMS TLS

Summary Three medium-severity issues in arnika affecting the UDP key-rotation protocol, PQC key file handling, and KMS TLS client. All require specific preconditions to exploit and do not allow direct code execution or immediate key extraction. A self-contained PoC is attached. Details 1 ACK...

6.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 6:9 p.m.20 views

rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitrary code execution

InlineVec::clear and SerVec::clear in rkyv were not panic-safe. Both functions iterate over their elements and call dropinplace on each, updating self.len only after the loop. If an element's Drop implementation panics during the loop, self.len is left at its original value. A subsequent invocati...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 6:7 p.m.17 views

SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

Summary simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into...

8.6CVSS5.8AI score0.00422EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 6:1 p.m.18 views

Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint

Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the requested storage object is not bound to the authorized entity instance, an authenticated Sharp user wh...

7.7CVSS5.9AI score0.00262EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 5:59 p.m.21 views

Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL

Summary Budibase exposes a REST API for datasource management. The route PUT /api/datasources/:datasourceId is registered in the authorizedRoutes group with TABLE/READ permission. This is the same authorization level as the read endpoint GET /api/datasources/:datasourceId. Every authenticated...

8.8CVSS6.1AI score0.00251EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 5:53 p.m.17 views

Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration

Summary The REST datasource integration follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services cloud metadata, databases by redirecting through an attacker-controlled server. The same vulnerability class was already patched in...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 5:47 p.m.16 views

Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation

Vulnerability Details CWE-918: Server-Side Request Forgery SSRF The processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticate...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 5:41 p.m.18 views

Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation

Am I affected? Users are affected if all of the following are true: - Their app uses better-auth at a version 1.4.17, or at a v1.5 prerelease tagged = 1.5.0-beta.8. - The apps authentication endpoints serve clients reachable over IPv6. Most managed hosts including Cloudflare, Vercel, Fly.io, AWS...

7.3CVSS5.8AI score0.00295EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 5:33 p.m.38 views

Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE

Am I affected? Users are affected if all of the following are true: - The application uses better-auth at a version below 1.6.2 or @better-auth/sso paired with such a version. - betterAuth account: storeStateStrategy is set to "cookie". The default "database" is not affected. - The application...

6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 5:17 p.m.39 views

goshs: SSH host key verification disabled, allowing transparent MITM of every tunnelled HTTP request

Summary The --tunnel / -t flag opens an outbound SSH connection to localhost.run:22 with HostKeyCallback: ssh.InsecureIgnoreHostKey. The Go documentation for that function states verbatim: "It should not be used for production code." With the callback disabled the client accepts any host key the...

5.7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 5:14 p.m.15 views

Weblate: Stored HTML injection in editor search preview

Impact Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a matching search. Patches...

4.6CVSS5.8AI score0.00208EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 5:9 p.m.12 views

FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files

Summary The splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead FrankenPHP into treating a non-.php file as a .php script. In any deployment where the...

8.1CVSS6.5AI score0.00568EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 4:55 p.m.14 views

Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Summary A path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder flag, it exposes a GET /files/filename:path download endpoint. The filename path parameter is concatenated directly onto args.folder with no...

7.5CVSS5.9AI score0.00423EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 4:45 p.m.12 views

NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class

Impact NukeViet CMS , which are stored server-side and executed in the browser of any user who views the content. Who is impacted: - Administrators and moderators who view user-submitted content e.g., contact messages, comments, or any module using the Request class for HTML input. - The Contact...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 4:31 p.m.12 views

nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

Impact A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a TaggedSigned with a signature field whose byte length is not exactly 64. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches...

7.5CVSS6AI score0.00626EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 4:27 p.m.10 views

@joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files

Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that...

8.2CVSS6.2AI score0.00206EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 4:21 p.m.11 views

SimpleSAMLphp casserver: Open Redirect in logout

Summary The logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. There are a number of other things broke...

6.1CVSS5.8AI score0.00269EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 3:30 p.m.5 views

smtp-server's command parser memory exhaustion denial-of-service

smtp-server prior to v3.18.3 are vulnerable to unauthenticated memory exhaustion denial-of-service. smtp-server's command parser allows any remote client to consume server memory by sending data without newline characters. The server's remainder buffer in SMTPStream.write grows without limit,...

7.5CVSS6AI score0.00572EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 2:0 p.m.23 views

Raising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty program

The security research community is one of GitHub's greatest assets. Every year, researchers from around the world help us find and fix vulnerabilities, making the platform safer for over 180 million developers. Our bug bounty program exists because we believe that collaboration with external...

5.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/15 3:30 a.m.11 views

MLflow: unauthenticated access to certain FastAPI routes

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS7.4AI score0.01502EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 9:30 p.m.10 views

Crabbox: environment variable exposure vulnerability

Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit...

9.3CVSS5.8AI score0.00742EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 9:30 p.m.16 views

Crabbox: authentication bypass vulnerability that allows impersonation of others by spoofing identity headers

Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 9:14 p.m.25 views

vm2 Has a Sandbox Breakout Using Async Generator

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details It is possible to catch a host exception using the yield expression inside an async generator. When the...

9.8CVSS6.2AI score0.00568EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:56 p.m.12 views

python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection

Summary prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with the Command Injection vulnerability CWE-78 in substituteutcpargs tracked as GHSA-33p6-5jxp-p3x4, an attacker can exfiltrate all process-level secrets in a single...

7.7CVSS5.8AI score0.00223EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:56 p.m.14 views

utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol

Summary The substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix or powershell.exe -Command Windows, allowing an attacker to...

8.3CVSS6AI score0.00272EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:55 p.m.13 views

@ranfdev/deepobj has a Prototype Pollution vulnerability

Impact Prototype pollution is possible when property paths contain proto/constructor/prototype. The property path must not be exposed as user input...

8.2CVSS5.4AI score0.00316EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:55 p.m.21 views

@utcp/http: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

Summary The @utcp/http package is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTTPS / loopback allowlist, but callTool reuses the resolved...

4.7CVSS6AI score0.00122EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:52 p.m.21 views

slack-go `SecretsVerifier` accepts empty signing secret without precondition

SecretsVerifier in slack-go/slack before v0.23.1 accepts an empty signing secret without error. If an application is misconfigured e.g., an unset or empty SLACKSIGNINGSECRET, NewSecretsVerifier builds an HMAC-SHA256 keyed with an empty string, allowing an unauthenticated attacker to forge a valid...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:46 p.m.11 views

Marten has an injection vulnerability in its full-text search regConfig parameter

Summary Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to untrusted input a SQL injection sink. Affected APIs - IQuerySession.SearchAsyncstring...

9.8CVSS6.1AI score0.00375EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:44 p.m.9 views

@samanhappy/mcphub: SSE Endpoint Accepts Arbitrary Username from URL Path Without Authentication, Enabling User Impersonation

Summary A critical identity spoofing vulnerability in MCPHub allows any unauthenticated user to impersonate any other user — including administrators — on SSE Server-Sent Events and MCP transport endpoints. The server accepts a username from the URL path parameter and creates an internal user...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:30 p.m.47 views

Svelte: SSR XSS via Insecure Promise Serialization in hydratable

Contents of hydratable promises were not properly stringified, potentially leading to an XSS exploit. You are vulnerable if all of the following is true: - you are using hydratable an experimental feature at the time of this report - you are passing attacker-controlled input such that a synchrono...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:30 p.m.13 views

electerm's encrypt method not safe enough

Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

9.1CVSS5.8AI score0.00105EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:29 p.m.13 views

Electerm Local code through electerm's single-instance socket

Impact Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine. Patches ...

9.3CVSS6.2AI score0.00114EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:29 p.m.12 views

DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files

Summary The taskcreate tool spawns durable sub-agents that inherit two insecure defaults: - allowshell defaults to true config.rs:1499: self.allowshell.unwraportrue - autoapprove defaults to true taskmanager.rs:297: autoapprove: Sometrue When a user approves a taskcreate call which requires...

9.6CVSS5.8AI score0.0026EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:29 p.m.15 views

DeepSeek TUI has SSRF‌ IPV6 bypass

Summary Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. Details...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:29 p.m.19 views

DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval

Summary The runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. The source code explicitly states this design choice: rust fn approvalrequirement&self - ApprovalRequirement // Tests are encouraged, so avoid gating th...

9.6CVSS6.5AI score0.00375EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/14 8:29 p.m.17 views

DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool

Summary The fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks. However, the HTTP client reqwest is configured to automatically follo...

7.4CVSS5.8AI score0.00226EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/14 8:29 p.m.11 views

Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State

Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...

8.1CVSS5.8AI score0.00319EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:29 p.m.8 views

Svelte: ReDoS in `<svelte:element>` Tag Validation

An internal regex in the Svelte runtime can take exponential time to test in . You are only vulnerable to this if you allow tags of unconstrained length. If your application only allows a predetermined list of tags or trims their length before passing them to svelte:element, you are safe...

7.5CVSS5.8AI score0.00421EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:28 p.m.23 views

Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts

Summary The LDAP and OAuth authentication flows use a TOCTOU Time-of-Check-Time-of-Use pattern for first-user admin role assignment. The regular signup handler signuphandler in auths.py, line 663 was explicitly patched to prevent this race with the comment "Insert with default role first to avoid...

8.1CVSS5.8AI score0.00354EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:28 p.m.11 views

Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed

Summary The /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is not enforced on the API endpoint — the configuration says "disabled" but code still executes. Details The...

8.8CVSS6.5AI score0.00406EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:28 p.m.9 views

Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion

Summary Any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/id when the target file is referenced in any shared chat. The hasaccesstofile authorization gate unconditionally grants access through its shared-chat branch. It checks neither the requesting...

8CVSS5.7AI score0.0027EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:28 p.m.13 views

Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)

Summary GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDINGFUNCTION.... This allows any unauthenticated caller to trigger embedding generation which can lead to direct cost exposure if a paid provider is used. Code reference:...

6.5CVSS5.8AI score0.00341EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:27 p.m.11 views

Open WebUI has an Indirect Object Reference (IDOR) in user notes

Summary The API /api/v1/notes/noteid endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. This results in unauthorized disclosure of potentially sensitive or private user data. Details - if notes is...

6.5CVSS5.8AI score0.00277EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:27 p.m.11 views

Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order

Summary A Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. This vulnerability allows a compromised or malicious administrator to plant a malicious payload in the global...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:27 p.m.13 views

Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints

Cross-User File Access via Unchecked fileid in Folder Knowledge and Knowledge-Base Attach Endpoints Summary Multiple endpoints accept a user-supplied fileid and attach the referenced file to a resource the caller controls folder knowledge, knowledge-base contents without verifying that the caller...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:27 p.m.18 views

Open WebUI vulnerable to stored XSS via OAuth picture claim stored as SVG data URI in profile_image_url

Summary When a user signs in via OAuth, Open WebUI fetches the picture claim URL, infers a MIME type from the URL extension via mimetypes.guesstype, and stores data:;base64,... as the user's profile image. The OAuth code path does not go through the validateprofileimageurl Pydantic validator that...

8.7CVSS6AI score0.00467EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:27 p.m.13 views

Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958)

Server-Side Request Forgery SSRF Bypass via HTTP Redirect Following in Web-Fetch, Image-Load, and Chat-Completion Endpoints Summary The validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync...

8.5CVSS5.9AI score0.003EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities33255