|
2931
|
8.8 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter …
|
CWE-863
Incorrect Authorization
|
CVE-2026-45672
|
2026-05-20 01:39 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2932
|
8.7 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload c…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44549
|
2026-05-20 01:38 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2933
|
8.1 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTT…
|
CWE-22
Path Traversal
|
CVE-2026-44565
|
2026-05-20 01:38 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2934
|
7.1 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated…
|
CWE-862
Missing Authorization
|
CVE-2026-44569
|
2026-05-20 01:38 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2935
|
7.3 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of us…
|
CWE-602
CWE-863
Client-Side Enforcement of Server-Side Security
Incorrect Authorization
|
CVE-2026-44567
|
2026-05-20 01:38 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2936
|
6.5 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-29207
|
2026-05-20 01:37 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2937
|
6.5 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to v…
|
CWE-22
Path Traversal
|
CVE-2026-29220
|
2026-05-20 01:37 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2938
|
6.5 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-31380
|
2026-05-20 01:37 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2939
|
5.3 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Authentication vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
|
CWE-287
Improper Authentication
|
CVE-2026-31387
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2940
|
5.3 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixe…
|
CWE-284
Improper Access Control
|
CVE-2026-31388
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
