GHSA-w7qr-q9fh-fj35: Dozzle uses unsafe hash for passwords

GHSA-mq92-jr35-ffpc: open-webui allows enumeration of file names and traversal of directories by observing the error messages

GHSA-xcvc-5hgv-phqg: open-webui Insecure Direct Object Reference (IDOR) vulnerability

GHSA-54f4-v6v9-9q82: open-webui allows writing and deleting arbitrary files

GHSA-7qmx-3fpx-r45m: Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations

An issue present in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.

**Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method**

Moderate severity GitHub Reviewed Published Dec 8, 2023 to the GitHub Advisory Database • Updated Dec 8, 2023

Headline

GHSA-p8q6-qrgj-7gx2: Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method

Related news

ghsa: Latest News