# API Abuse
2 entries
Every API Abuse entry VulnWatch has indexed, sorted by publication date.
## Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)
Medium | CVSS 6.5 | github | API Abuse, openai | 2 weeks ago
Summary: GET `/api/v1/memories/ef` is accessible without authentication and executes `request.app.state.EMBEDDING_FUNCTION(...)`. This allows any unauthenticated caller to trigger embedding generat...
## opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay
High | CVSS 8.1 | github | 3 weeks ago
Summary: A server-side authentication bypass in `azureauthextension` allows any party who holds a single valid Azure access token for *any scope the collector's configured identity can mint for* t...