Lucene search
K

749 matches found

Nuclei
Nuclei
added 13 hours ago85 views

LiteLLM - Server-Side Request Forgery

LiteLLM vulnerable to Server-Side Request Forgery SSRF vulnerability Exposes OpenAI API Keys. id: CVE-2024-6587 info: name: LiteLLM - Server-Side Request Forgery author: pdresearch,iamnoooob,rootxharsh,lambdasawa severity: high description: | LiteLLM vulnerable to Server-Side Request Forgery SSRF...

7.5CVSS7.1AI score0.37197EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago42 views

AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls

The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ayschatgptdisconnect, ayschatgptconnect, and ayschatgptsavefeedback id: CVE-2024-7714 info: name: AI Assistant with...

7.5CVSS6.1AI score0.00848EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago23 views

SmartSearchWP < 2.4.6 - OpenAI Key Disclosure

The plugin does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key. id: CVE-2024-6845 info: name: SmartSearchWP 2.4.6 - OpenAI Key Disclosure author: s4e-io severity: medium...

5.3CVSS6.1AI score0.01113EPSS
Exploits1References2
EUVD
EUVD
added 15 hours ago4 views

EUVD-2026-43057

Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...

6.1AI score
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-13233

Summary: CVE-2026-13233 is a Server-Side Request Forgery (SSRF) vulnerability in the Drupal OpenAI Provider module. The issue arises because the module does not sufficiently sanitize user-supplied URLs, enabling SSRF. Affected software: Drupal OpenAI Provider module (OpenAI as a provider for the ...

6.1AI score
Exploits0References1
NVD
NVD
added 3 days ago5 views

CVE-2026-59820

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.7-stable, LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives, allowing an authenticated user with access to LiteLLM LLM API routes or a key whos...

6.1CVSS0.00323EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42106

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS6AI score0.00259EPSS
Exploits0References5
NVD
NVD
added 4 days ago8 views

CVE-2026-59706

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS0.00259EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago24 views

CVE-2026-59706 mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS0.00259EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-59706

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS6AI score0.00259EPSS
Exploits0References5
NVD
NVD
added 5 days ago6 views

CVE-2026-14898

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

6.5CVSS0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-14898

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

6.1AI score0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-14898

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 12:31 a.m.9 views

EUVD-2026-41443

Server-side request forgery ssrf in Azure OpenAI allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.8AI score0.00608EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 11:16 p.m.11 views

CVE-2026-45499

Server-side request forgery ssrf in Azure OpenAI allows an authorized attacker to elevate privileges over a network...

9.9CVSS0.00608EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/02 10:18 p.m.7 views

CVE-2026-45499 Azure OpenAI Elevation of Privilege Vulnerability

...

9.9CVSS5.9AI score0.00608EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 10:18 p.m.7 views

CVE-2026-45499

Server-side request forgery ssrf in Azure OpenAI allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.8AI score0.00608EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 10:18 p.m.32 views

CVE-2026-45499 Azure OpenAI Elevation of Privilege Vulnerability

...

9.9CVSS0.00608EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 10:18 p.m.23 views

CVE-2026-45499

Technical details for CVE-2026-45499 are not publicly available in the provided documents. Monitor for updates; current sources only reiterate the SSRF elevation in Azure OpenAI without specification of affected products, versions, or fixes.

9.9CVSS5.8AI score0.00608EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/07/02 2:0 p.m.7 views

Azure OpenAI Elevation of Privilege Vulnerability

Server-side request forgery ssrf in Azure OpenAI allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.8AI score0.00608EPSS
Exploits0
Rows per page
Query Builder