Filtered by vendor Openwebui
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-6707 | 2 Debian, Openwebui | 2 Debian Linux, Open Webui | 2024-08-08 | N/A | 8.8 HIGH |
Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability. | |||||
CVE-2024-6706 | 2 Debian, Openwebui | 2 Debian Linux, Open Webui | 2024-08-08 | N/A | 6.1 MEDIUM |
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. |