Vulnerabilities > Openwebui > Open Webui > 0.3.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-20 | CVE-2024-7053 | Unspecified vulnerability in Openwebui Open Webui 0.3.8 A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. | 9.0 |
| 2025-03-20 | CVE-2024-7806 | Unspecified vulnerability in Openwebui Open Webui A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). | 8.8 |
| 2024-10-10 | CVE-2024-7049 | Unspecified vulnerability in Openwebui Open Webui 0.3.8 In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. | 5.4 |