Vulnerabilities in open-webui

100 results
CVE-2024-7040 | MEDIUM | Improper Access Control in open-webui/open-webui | EPSS 0.6%
CVE-2024-8017 | CRITICAL | Cross-site Scripting (XSS) in open-webui/open-webui | EPSS 0.6%
CVE-2024-7044 | MEDIUM | Stored XSS in open-webui/open-webui | EPSS 0.5%
CVE-2026-44565 | HIGH | Open WebUI: Open WebUI Arbitrary File Write, Delete via Path Traversal | EPSS 0.5%
CVE-2025-64495 | HIGH | Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE | EPSS 0.4%
CVE-2024-7806 | HIGH | Remote Code Execution by Non-Admin Users via CSRF in open-webui/open-webui | EPSS 0.4%
CVE-2026-45395 | HIGH | Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution | EPSS 0.4%
CVE-2025-46719 | MEDIUM | Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions | EPSS 0.4%
CVE-2026-28786 | MEDIUM | Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions` | EPSS 0.4%
CVE-2024-30256 | MEDIUM | Open WebUI vulnerable to server-side request forgery in utils.py | EPSS 0.4%
CVE-2026-45672 | HIGH | Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed | EPSS 0.4%
CVE-2024-7045 | MEDIUM | Improper Access Control in open-webui/open-webui | EPSS 0.4%
CVE-2024-7046 | MEDIUM | Improper Access Control in open-webui/open-webui | EPSS 0.4%
CVE-2026-45338 | HIGH | Open WebUI: SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py) | EPSS 0.4%
CVE-2026-54017 | HIGH | Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal | EPSS 0.4%
CVE-2026-44560 | MEDIUM | Open WebUI: Unauthorized File and Knowledge Base Content Access via RAG Vector Search | EPSS 0.4%
CVE-2024-7048 | MEDIUM | IDOR in open-webui/open-webui | EPSS 0.4%
CVE-2024-7041 | MEDIUM | IDOR in open-webui/open-webui | EPSS 0.4%
CVE-2026-45675 | HIGH | Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts | EPSS 0.4%
CVE-2026-45402 | HIGH | Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints | EPSS 0.3%