Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,297
Quick preset (or use dates below)
Clear Filters
Showing 21 - 40 of 143,208 CVEs
CVE-2026-59225 MEDIUM - 5.4

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The normal...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD
CVE-2026-59224 HIGH - 8.0

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/open_webui/routers/terminals.py built the ws_terminal upstream URL from an unencoded session_id and appended user_id as a query parameter, allowing query injection to make the terminal back...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD
CVE-2026-59223 MEDIUM - 4.3

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEB_FETCH_FILTER_LIST matching compared configured host entries against URL strings and non-label-boundary suffixes, allowing path-based blocklist bypasses such as !internal.example.com in a URL pa...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers[].key and webhook configuration, allowing a normal channel part...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD
CVE-2026-59220 MEDIUM - 6.5

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILL_MENTION_RE and strip_re regular expressions in backend/open_webui/utils/middleware.py parsed <$skillId|label> skill mentions with overlapping quantifiers, allowing an authe...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD
CVE-2026-59219 HIGH - 7.1

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed is_valid_to...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD
CVE-2026-59218 MEDIUM - 5.3

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the /api/v1/auths/signin endpoint looked users up by email and only ran bcrypt password verification when a credential existed, making registered-account attempts measurably slower than missing-ema...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD
CVE-2026-59217 MEDIUM - 4.3

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the file upload path accepted metadata.knowledge_id and auto-linked uploaded files to a target knowledge base without applying the write-access check used by /api/v1/knowledge//file/add, allowing r...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD
CVE-2026-59216 HIGH - 7.7

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, get_event_call delivered execute:python and execute:tool Socket.IO events to a client-supplied session_id after checking only that the session was connected, allowing authenticated users who learne...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parent_id to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose thre...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD
CVE-2026-59214 HIGH - 7.3

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue auth...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, get_all_models handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of key_builder, causing permission-filtered per-user model lists to share a stat...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD
CVE-2026-59212 MEDIUM - 5.4

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, _verify_knowledge_file_access only checked read access while file write and delete routes later trusted object-derived access through writable model meta.knowledge entries, allowing a user...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and ex...

Vendor: n8n-io
Product: n8n
Published: Jul 09, 2026
Source: NVD
CVE-2026-58459 HIGH - 7.8

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The subtype...

Vendor: ntpsec
Product: gpsd
Published: Jul 09, 2026
Source: NVD
CVE-2026-53987 MEDIUM - 6.4

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights...

Vendor: pluginsGLPI
Product: GLPI 11
Published: Jul 09, 2026
Source: NVD
CVE-2026-51606 HIGH - 7.5

An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response. T...

Published: Jul 09, 2026
Source: NVD
CVE-2026-51605 HIGH - 7.5

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.991) allows an unauthenticated remote attacker to cause a denial of service via a crafted TEARDOWN request.

Published: Jul 09, 2026
Source: NVD
CVE-2026-51604 HIGH - 7.5

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request.

Published: Jul 09, 2026
Source: NVD
CVE-2026-51603 HIGH - 7.5

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a ...

Published: Jul 09, 2026
Source: NVD