Lucene search
+L

778 matches found

drupal
drupal
added 2026/06/24 12:0 a.m.7 views

OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053

This module enables you to use OpenAI as a provider for the AI module. The module doesn't sufficiently sanitize user-supplied URLs, leading to a Server-side request forgery SSRF vulnerability. This vulnerability is mitigated by the fact that an attacker must have the access to change the host url...

3.3CVSS5.9AI score0.00161EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.7 views

PT-2026-52166

Name of the Vulnerable Software and Affected Versions Drupal OpenAI Provider versions 0.0.0 through 1.1.1 Drupal OpenAI Provider versions 1.2.0 through 1.2.2 Description Insufficient sanitization of user-supplied URLs leads to a Server-Side Request Forgery SSRF, a flaw where an attacker can induc...

6.1AI score0.00161EPSS
Exploits0References3
thn
thn
added 2026/06/23 3:56 a.m.12 views

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative the artificial intelligence AI company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for finding and helping patch software...

7.5CVSS6.1AI score0.07237EPSS
Exploits0
nvd
nvd
added 2026/06/22 11:16 p.m.11 views

CVE-2026-48746

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS0.01014EPSS
Exploits0References10
osv
osv
added 2026/06/22 9:57 p.m.4 views

CVE-2026-48746 vLLM: OpenAI auth bypass

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS6AI score0.01014EPSS
Exploits0References12
vulnrichment
vulnrichment
added 2026/06/22 9:57 p.m.4 views

CVE-2026-48746 vLLM: OpenAI auth bypass

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS5.9AI score0.01014EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/22 9:57 p.m.5 views

CVE-2026-48746

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS5.9AI score0.01014EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/06/22 9:57 p.m.79 views

CVE-2026-48746 vLLM: OpenAI auth bypass

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS0.01014EPSS
Exploits0References3
cve
cve
added 2026/06/22 9:57 p.m.120 views

CVE-2026-48746

vLLM OpenAI auth bypass (CVE-2026-48746) affects vLLM versions 0.3.0 through 0.21.0. Root cause: ASGI servers and Starlette trust the Host header from the request scope, enabling manipulation of the reconstructed URL path and bypassing the OpenAI API AuthenticationMiddleware for routes beginning ...

9.1CVSS5.9AI score0.01014EPSS
Exploits0References10Affected Software1
nvd
nvd
added 2026/06/22 9:16 p.m.14 views

CVE-2026-49468

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from...

9.8CVSS0.00559EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/06/22 8:37 p.m.5 views

CVE-2026-49468

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from...

9.8CVSS5.9AI score0.00559EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/06/20 6:27 p.m.4 views

CVE-2025-71379 vllm - Regular Expression Denial of Service in Multiple Components

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS6AI score0.00321EPSS
Exploits1References4
ossf
ossf
added 2026/06/17 5:7 a.m.8 views

Malicious code in @mastra/voice-openai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 636dbce2606cf797f51ebd7c7e76ee2154a1e00e61b734cef90f19ca02ad397c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
ossf
ossf
added 2026/06/17 5:6 a.m.10 views

Malicious code in @mastra/voice-openai-realtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 623d77007529d1601a2da2b0ff1fc002dfa42282411ba1350b5bc720316d6c0f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
osv
osv
added 2026/06/17 5:6 a.m.7 views

MAL-2026-6049 Malicious code in @mastra/voice-openai-realtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 623d77007529d1601a2da2b0ff1fc002dfa42282411ba1350b5bc720316d6c0f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
osv
osv
added 2026/06/16 5:36 p.m.12 views

GHSA-94F4-HR76-P5J6 vLLM: OpenAI auth bypass

Summary A vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware, which was discovered during @x41sec's source code audit. It allows to use the API without providing the configured VLLMAPIKEY or...

9.1CVSS5.6AI score0.01014EPSS
Exploits0References4
github
github
added 2026/06/16 5:36 p.m.86 views

vLLM: OpenAI auth bypass

Summary A vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware, which was discovered during @x41sec's source code audit. It allows to use the API without providing the configured VLLMAPIKEY or...

9.1CVSS5.5AI score0.01014EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/06/15 4:45 p.m.11 views

MAL-2026-5789 Malicious code in claude-cup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c369ccf7b5e0ef8721b5ecdc94bd843ce260923394f6c513350a58928abdbdd3 On first invocation of npx claude-cup and on every subsequent Claude Code tool call once hooks are installed, research/config-audit.js enumerates eve...

5.5AI score
Exploits0References39
nvd
nvd
added 2026/06/11 10:16 a.m.12 views

CVE-2026-5497

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.loadbase64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...

7.5CVSS0.00543EPSS
Exploits1References5
euvd
euvd
added 2026/06/11 8:31 a.m.11 views

EUVD-2026-36217

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.loadbase64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...

7.5CVSS5.5AI score0.00543EPSS
Exploits1References2
Rows per page
Query Builder