EUVD-2026-38156

A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function asyncprecallhook of the file enterprise/enterprisehooks/bannedkeywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack ma...

CVE-2026-12797

Technical details about CVE-2026-12797 are not publicly available in the provided documents. Monitor for updates from official advisories and vendor notices to obtain affected products, vulnerable components, and remediation information.

CVE-2026-45349 Open WebUI: Broken Access Control for Completions API

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just needs to use the API endpoint: /api/chat/completions with their own API key generated in OWUI and the Chat ID of another user to continue the conversation of the other...

CVE-2025-62164

vLLM is an inference and serving engine for large language models LLMs. From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash denial-of-service and potentially remote code execution RCE, exists in the Completions API endpoint. When processing user-supplied...