Vulnerabilities in open-webui
100 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2024-7959 | HIGH | SSRF in open-webui/open-webui | 24.5% |
| CVE-2025-64496 | HIGH | Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events | 7.6% |
| CVE-2026-34222 | HIGH | Open WebUI has Broken Access Control in Tool Valves | 5.3% |
| CVE-2025-65958 | HIGH | Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web | 4.0% |
| CVE-2026-28788 | HIGH | Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite | 2.9% |
| CVE-2024-7034 | MEDIUM | Remote Code Execution due to Arbitrary File Write in open-webui/open-webui | 2.5% |
| CVE-2026-44551 | CRITICAL | Open WebUI: LDAP Empty Password Authentication Bypass | 1.5% |
| CVE-2024-7033 | MEDIUM | Arbitrary File Write in open-webui/open-webui | 1.1% |
| CVE-2024-7037 | MEDIUM | Arbitrary File Write/Delete Leading to RCE in open-webui/open-webui | 1.0% |
| CVE-2024-7990 | HIGH | Stored Cross-Site Scripting in open-webui/open-webui | 0.9% |
| CVE-2024-8060 | HIGH | Remote Code Execution in OpenWebUI via Arbitrary File Upload | 0.9% |
| CVE-2024-12537 | HIGH | Unauthenticated Denial of Service in open-webui/open-webui | 0.9% |
| CVE-2024-7983 | HIGH | Denial of Service in open-webui/open-webui | 0.8% |
| CVE-2024-12534 | HIGH | Denial of Service (DoS) in open-webui/open-webui | 0.8% |
| CVE-2024-7036 | HIGH | Denial of Service in open-webui/open-webui | 0.8% |
| CVE-2026-45397 | MEDIUM | Open WebUI: Unauthenticated RAG Configuration Disclosure | 0.7% |
| CVE-2024-7053 | HIGH | Session Fixation in open-webui/open-webui | 0.7% |
| CVE-2024-7039 | HIGH | Improper Privilege Management in open-webui/open-webui | 0.6% |
| CVE-2024-8053 | HIGH | Improper Authentication in open-webui/open-webui | 0.6% |
| CVE-2024-7043 | HIGH | Improper Access Control in open-webui/open-webui | 0.6% |