| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-0767 | Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability | Open WebUI | Open WebUI | Medium | - | 2026-01-23 03:28:40 | Deep Dive |
| CVE-2026-0766 | Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability | Open WebUI | Open WebUI | High | - | 2026-01-23 03:28:36 | Deep Dive |
| CVE-2026-0765 | Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability | Open WebUI | Open WebUI | High | - | 2026-01-23 03:28:32 | Deep Dive |
| CVE-2025-65959 | Open WebUI vulnerable to Stored DOM XSS via Note 'Download PDF' | open-webui | open-webui | High | 8.7 | 2025-12-04 20:46:37 | Deep Dive |
| CVE-2025-65958 | Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web | open-webui | open-webui | High | 8.5 | 2025-12-04 19:55:13 | Deep Dive |
| CVE-2025-64496 | Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events | open-webui | open-webui | High | 7.3 | 2025-11-08 01:29:03 | Deep Dive |
| CVE-2025-64495 | Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE | open-webui | open-webui | High | 8.7 | 2025-11-08 01:25:49 | Deep Dive |
| CVE-2025-12487 | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability | oobabooga | text-generation-webui | Critical | - | 2025-11-06 20:12:07 | Deep Dive |
| CVE-2025-12488 | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability | oobabooga | text-generation-webui | Critical | - | 2025-11-06 20:11:52 | Deep Dive |
| CVE-2025-62364 | text-generation-webui allows arbitrary file read via symbolic link upload | oobabooga | text-generation-webui | Medium | 6.2 | 2025-10-13 20:30:56 | Deep Dive |
| CVE-2025-52647 | HCL BigFix WebUI is affected by a host header poisoning vulnerability | HCL Software | BigFix WebUI | Medium | 6.1 | 2025-10-10 22:14:50 | Deep Dive |
| CVE-2025-46719 | Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions | open-webui | open-webui | - | - | 2025-05-05 18:50:57 | Deep Dive |
| CVE-2025-46571 | Open WebUI vulnerable to limited stored XSS via uploaded html file | open-webui | open-webui | - | - | 2025-05-05 18:45:30 | Deep Dive |
| CVE-2025-43852 | GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI | RVC-Project | Retrieval-based-Voice-Conversion-WebUI | - | - | 2025-05-05 18:21:37 | Deep Dive |
| CVE-2025-43851 | GHSL-2025-021_Retrieval-based-Voice-Conversion-WebUI | RVC-Project | Retrieval-based-Voice-Conversion-WebUI | - | - | 2025-05-05 18:21:16 | Deep Dive |
| CVE-2025-43850 | GHSL-2025-020_Retrieval-based-Voice-Conversion-WebUI | RVC-Project | Retrieval-based-Voice-Conversion-WebUI | - | - | 2025-05-05 18:20:57 | Deep Dive |
| CVE-2025-43849 | GHSL-2025-019_Retrieval-based-Voice-Conversion-WebUI | RVC-Project | Retrieval-based-Voice-Conversion-WebUI | - | - | 2025-05-05 18:20:39 | Deep Dive |
| CVE-2025-43848 | GHSL-2025-018_Retrieval-based-Voice-Conversion-WebUI | RVC-Project | Retrieval-based-Voice-Conversion-WebUI | - | - | 2025-05-05 17:54:59 | Deep Dive |
| CVE-2025-43847 | GHSL-2025-017_Retrieval-based-Voice-Conversion-WebUI | RVC-Project | Retrieval-based-Voice-Conversion-WebUI | - | - | 2025-05-05 17:21:29 | Deep Dive |
| CVE-2025-43846 | GHSL-2025-016_Retrieval-based-Voice-Conversion-WebUI | RVC-Project | Retrieval-based-Voice-Conversion-WebUI | - | - | 2025-05-05 17:16:56 | Deep Dive |