Zero Day Initiative — FreeIntelHub

Zero Day Initiative CVE Jan 9

ZDI-26-033: (0Day) Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not require...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-032: (0Day) Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vuln...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-031: (0Day) Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vuln...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-030: (0Day) GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit thi...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-029: (0Day) GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit thi...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-028: (0Day) GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is r...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-027: (0Day) Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required t...

T1190 1 IOC

Zero Day Initiative →