17 matches found

GithubExploit
added 2026/05/19 8:8 a.m. | 67 views

Exploit for Incorrect Authorization in Litellm

CVE-2026-35029 – LiteLLM /config/update privilege escalation...

CVSS 8.8 | AI score 6 | EPSS 0.1938
Exploits: 2

Packet Storm
added 2026/04/30 12:0 a.m. | 68 views

📄 LiteLLM 1.83.0 Insecure Direct Object Reference

LiteLLM exposes a /config/update API endpoint that allows administrators to make configuration changes to the instance. Due to a missing authorization check, low-privileged users can access this endpoint without restriction. An attacker with a low-privileged account can exploit this to exfiltrate...

CVSS 8.8 | AI score 5.5 | EPSS 0.1938
Exploits: 2

Wolfi
added 2026/04/08 7:48 p.m. | 5 views

CVE-2026-35029 vulnerabilities

Vulnerabilities for packages: airflow...

CVSS 8.8 | AI score 5.9 | EPSS 0.1938
Exploits: 2

Circl
added 2026/04/06 6:32 p.m. | 1 view

CVE-2026-35029

creationtimestamp | type | source
---|---|---
2026-04-06 18:32:22+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mitvlluyaz24
2026-04-06 19:28:45+00:00 | published-proof-of-concept | Telegram/ECjdy8s76GZBalwnIB79ij56tbajMeprVumTyCn-zmzM
2026-04-16 00:07:28+00:00 | seen | ...

CVSS 8.8 | AI score 5.7 | EPSS 0.1938
Exploits: 2 | References: 4

vulnersOsv
added 2026/04/03 9:59 p.m. | 3 views

01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +734 more potentially affected by CVE-2026-35029 via litellm (>=1.0.0 <=1.82.6)

litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 - agent-opt =0.0.1 and more Source cves: CVE-2026-35029 Source advisory: SNYK:PYTHON-LITELLM-15907616...

CVSS 8.8 | AI score 5.4 | EPSS 0.1938
Exploits: 2

vulnersOsv
added 2026/04/03 9:59 p.m. | 2 views

01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +753 more potentially affected by CVE-2026-35029 via litellm (>=0.1.400 <=1.82.6)

litellm PYPI version =0.1.400, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 - agent-opt =0.0.1 and more Source cves: CVE-2026-35029 Source advisory: OSV:GHSA-53MR-6C8Q-9789...

CVSS 8.8 | AI score 5.4 | EPSS 0.1938
Exploits: 2

RedhatCVE
added 2026/01/09 10:40 a.m. | 8 views

CVE-2022-35029

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea...

CVSS 6.5 | AI score 7.2 | EPSS 0.00433
Exploits: 1 | References: 1

Tenable Nessus
added 2023/06/22 12:0 a.m. | 42 views

Liferay Portal CE 7.4.3.70 < x < 7.4.3.77 Multiple vulnerabilities

The detected install of Liferay Portal CE is between 7.4.3.70 and 7.4.3.76. It is therefore affected by multiple vulnerabilities: - Cross-site request forgery CSRF vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76 allows remote attackers to execute...

CVSS 8.8 | AI score 7.5 | EPSS 0.01433
Exploits: 0 | References: 4

Circl
added 2023/06/15 7:21 a.m. | 0 views

CVE-2023-35029

creationtimestamp | type | source
---|---|---
2023-06-15 07:21:17+00:00 | seen | https://t.me/cibsecurity/65252...

CVSS 6.1 | AI score 6 | EPSS 0.00403
Exploits: 0 | References: 1

CVE
added 2023/06/15 3:59 a.m. | 64 views

CVE-2023-35029

Open redirect in Liferay Portal/DXP: affected Liferay Portal 7.4.3.70–7.4.3.76 and DXP 7.4 updates 70–76. The vulnerability exploits the Layout module’s SEO configuration via the GroupPagesPortlet_backURL parameter to redirect users to arbitrary external URLs. Exploitation details are not provide...

CVSS 6.1 | AI score 6.3 | EPSS 0.00403
Exploits: 0 | References: 1 | Affected Software: 2

Circl
added 2022/09/22 8:12 p.m. | 3 views

CVE-2022-35029

creationtimestamp | type | source
---|---|---
2022-09-22 20:12:25+00:00 | seen | https://t.me/cibsecurity/50274...

CVSS 6.5 | AI score 6.3 | EPSS 0.00433
Exploits: 1 | References: 1

OSV
added 2022/09/22 5:15 p.m. | 22 views

CVE-2022-35029

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea...

CVSS 6.5 | AI score 6.8 | EPSS 0.00433
Exploits: 1 | References: 2

CVE
added 2022/09/22 4:54 p.m. | 53 views

CVE-2022-35029

CVE-2022-35029 affects the open-source library OTFCC/Caryll OTFCC. The issue is a segmentation fault causing a crash in the binary at /release-x64/otfccdump+0x6babea. Multiple connected sources (CNVD, CNNVD, OSV, Debian tracker, NVD, etc.) describe a denial-of-service/crash condition originatin...

CVSS 6.5 | AI score 6.4 | EPSS 0.00433
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/09/22 4:54 p.m. | 14 views

CVE-2022-35029

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea...

AI score 6.7 | EPSS 0.00433
Exploits: 1 | References: 2

OSV
added 2021/07/02 11:15 a.m. | 3 views

CVE-2021-35029

An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected devi...

CVSS 9.8 | AI score 6 | EPSS 0.00196
Exploits: 0 | References: 1

CVE
added 2021/07/02 10:29 a.m. | 68 views

CVE-2021-35029

The CVE-2021-35029 entry describes an authentication bypass in the web-based management interface of Zyxel devices (USG/Zywall series firmware 4.35–4.64 and USG Flex/ATP/VPN series firmware 4.35–5.01) that could allow a remote attacker to execute arbitrary commands on an affected device. The conn...

CVSS 9.8 | AI score 9.7 | EPSS 0.00196
Exploits: 0 | References: 1 | Affected Software: 1

Circl
added 2021/06/28 1:17 p.m. | 1 view

CVE-2021-35029

creationtimestamp | type | source
---|---|---
2021-06-28 13:17:23+00:00 | seen | https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus18/2021
2021-07-02 14:32:57+00:00 | seen | https://t.me/cibsecurity/25886...

CVSS 9.8 | AI score 8.7 | EPSS 0.00196
Exploits: 0 | References: 2