Vulnerabilities > Openwebui

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-10	CVE-2024-7049	Unspecified vulnerability in Openwebui Open Webui 0.3.8 In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. network low complexity openwebui	5.4
2024-10-09	CVE-2024-7038	Information Exposure Through an Error Message vulnerability in Openwebui Open Webui An information disclosure vulnerability exists in open-webui version 0.3.8. network low complexity openwebui CWE-209	2.7
2024-08-07	CVE-2024-6706	Cross-site Scripting vulnerability in Openwebui Open Webui 0.1.105 Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. network low complexity openwebui CWE-79	6.1
2024-08-07	CVE-2024-6707	Path Traversal vulnerability in Openwebui Open Webui 0.1.105 Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability. network low complexity openwebui CWE-22	8.8

Vulnerabilities > Openwebui {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Openwebui"}]}