142 matches found

RedhatCVE
added 6 days ago | 7 views

CVE-2026-12772

A flaw was found in BerriAI litellm. A remote attacker could exploit a vulnerability in the authenticateuser function within the PROXYADMIN database API Key Generator component. By performing a specific manipulation, an attacker can cause session expiration for users, leading to a denial of servi...

CVSS 6.5 | AI score 6.5 | EPSS 0.00262
Exploits: 1 | References: 8

RedhatCVE
added 2026/06/26 9:29 a.m. | 5 views

CVE-2026-12773

A flaw was found in BerriAI litellm, within its MCP Proxy component. A remote attacker could exploit an improper authentication vulnerability in the UserAPIKeyAuth function. This could allow unauthorized access, potentially compromising the confidentiality, integrity, and availability of data...

CVSS 9.8 | AI score 5.8 | EPSS 0.00612
Exploits: 1 | References: 8

RedhatCVE
added 2026/06/24 8:38 p.m. | 6 views

CVE-2026-12770

A flaw was found in BerriAI litellm. A remote attacker could exploit an improper authorization vulnerability within the Admin Key Handler component. This could allow the attacker to perform unauthorized actions, leading to limited impacts on data integrity and service availability...

CVSS 8.8 | AI score 5.9 | EPSS 0.00337
Exploits: 1 | References: 8

Metasploit
added 2026/06/24 7:4 p.m. | 125 views

BerriAI LiteLLM Proxy Pre-Auth SQL Injection Scanner

This module detects BerriAI LiteLLM proxy servers affected by CVE-2026-42208, an unauthenticated SQL injection. During API-key verification the proxy interpolates the raw Authorization bearer value into a PostgreSQL query WHERE v.token = '' without parameterization. Because LiteLLM only hashes...

CVSS 9.8 | AI score 6.3 | EPSS 0.86607
Exploits: 7

RedhatCVE
added 2026/06/23 8:0 a.m. | 7 views

CVE-2026-12774

A flaw was found in BerriAI litellm. A remote attacker could exploit a Server-Side Request Forgery (SSRF) vulnerability in the MCP Server Connection Testing component. This flaw, specifically within the executewithmcpclient function, allows an attacker to trick the server into making unauthorized...

CVSS 6.5 | AI score 6.5 | EPSS 0.00262
Exploits: 1 | References: 8

RedhatCVE
added 2026/06/23 3:36 a.m. | 11 views

CVE-2026-12796

A flaw was found in BerriAI litellm. A remote attacker could exploit a vulnerability in the get_redirect_response_from_openid function within the SSO Authentication Flow component. This manipulation leads to session expiration, potentially causing a denial of service for authenticated users. Mitigati...

CVSS 6.5 | AI score 5.6 | EPSS 0.00358
Exploits: 1 | References: 8

NVD
added 2026/06/21 10:16 a.m. | 13 views

CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

CVSS 5.3 | EPSS 0.00288
Exploits: 1 | References: 5

NVD
added 2026/06/21 10:16 a.m. | 15 views

CVE-2026-12798

A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function loadopenapispecasync of the file litellm/proxy/experimental/mcpserver/openapitomcpgenerator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument specpath causes...

CVSS 6.5 | EPSS 0.00262
Exploits: 1 | References: 5

NVD
added 2026/06/21 10:16 a.m. | 12 views

CVE-2026-12797

A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprisehooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack ma...

CVSS 6.5 | EPSS 0.00226
Exploits: 1 | References: 5

Cvelist
added 2026/06/21 10:0 a.m. | 32 views

CVE-2026-12799 BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

CVSS 5.3 | EPSS 0.00288
Exploits: 1 | References: 5

EUVD
added 2026/06/21 10:0 a.m. | 9 views

EUVD-2026-38158

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

CVSS 8.1 | AI score 6 | EPSS 0.00315
Exploits: 1 | References: 5

CVE
added 2026/06/21 10:0 a.m. | 20 views

CVE-2026-12799

The CVE-2026-12799 entry concerns BerriAI litellm up to version 1.82.2. The vulnerability affects the function ui_view_users in litellm/proxy/management_endpoints/internal_user_endpoints.py (component: Incomplete Fix CVE-2025-0628) and enables improper authorization. The issue can be exploited re...

CVSS 5.3 | AI score 5.3 | EPSS 0.00288
Exploits: 1 | References: 5 | Affected Software: 1

ATTACKERKB
added 2026/06/21 10:0 a.m. | 3 views

CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

CVSS 5.3 | AI score 5.3 | EPSS 0.00288
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2026/06/21 9:30 a.m. | 6 views

EUVD-2026-38157

A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function loadopenapispecasync of the file litellm/proxy/experimental/mcpserver/openapitomcpgenerator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument specpath causes...

CVSS 6.5 | AI score 6.2 | EPSS 0.00262
Exploits: 1 | References: 5

NVD
added 2026/06/21 9:16 a.m. | 15 views

CVE-2026-12795

A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploi...

CVSS 7.5 | EPSS 0.00508
Exploits: 1 | References: 5

EUVD
added 2026/06/21 9:15 a.m. | 8 views

EUVD-2026-38156

A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprisehooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack ma...

CVSS 6.5 | AI score 6.1 | EPSS 0.00226
Exploits: 1 | References: 5

Cvelist
added 2026/06/21 9:15 a.m. | 32 views

CVE-2026-12797 BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization

A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprisehooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack ma...

CVSS 6.5 | EPSS 0.00226
Exploits: 1 | References: 5

ATTACKERKB
added 2026/06/21 9:15 a.m. | 4 views

CVE-2026-12797

A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprisehooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack ma...

CVSS 6.5 | AI score 6.1 | EPSS 0.00226
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/06/21 9:15 a.m. | 13 views

CVE-2026-12797

Technical details about CVE-2026-12797 are not publicly available in the provided documents. Monitor for updates from official advisories and vendor notices to obtain affected products, vulnerable components, and remediation information.

CVSS 6.5 | AI score 6.1 | EPSS 0.00226
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2026/06/21 9:0 a.m. | 31 views

CVE-2026-12796 BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

CVSS 6.5 | EPSS 0.00358
Exploits: 1 | References: 5