Lucene search
+L

127 matches found

nvd
nvd
added 3 days ago3 views

CVE-2026-15557

A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This...

7.5CVSS0.00507EPSS
Exploits0References6
cvelist
cvelist
added 3 days ago32 views

CVE-2026-15557 waooAI waoowaoo Internal Task Header api-auth.ts requireProjectAuthLight improper authentication

A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This...

7.5CVSS0.00507EPSS
Exploits0References6
euvd
euvd
added 2026/07/09 12:29 p.m.7 views

EUVD-2026-42589

The implementation of an internal and undocumented Dashboard API endpoint POST /api/users//user/tokens forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user with more...

8.7CVSS6.4AI score0.00281EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/25 6:44 p.m.11 views

CVE-2026-47101

A flaw was found in LiteLLM. An authenticated internal user can exploit this vulnerability by creating API keys that grant access to routes beyond their assigned role. This occurs because the system fails to verify if the specified allowedroutes for the API key align with the user's actual...

8.8CVSS6AI score0.00739EPSS
Exploits3References10
nvd
nvd
added 2026/06/21 10:16 a.m.15 views

CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

5.3CVSS0.00288EPSS
Exploits1References5
euvd
euvd
added 2026/06/21 10:0 a.m.13 views

EUVD-2026-38158

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

8.1CVSS6AI score0.00315EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/06/21 10:0 a.m.4 views

CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

5.3CVSS5.3AI score0.00288EPSS
Exploits1References5Affected Software1
cve
cve
added 2026/06/21 10:0 a.m.52 views

CVE-2026-12799

The CVE-2026-12799 entry concerns BerriAI litellm up to version 1.82.2. The vulnerability affects the function ui_view_users in litellm/proxy/management_endpoints/internal_user_endpoints.py (component: Incomplete Fix CVE-2025-0628) and enables improper authorization. The issue can be exploited re...

5.3CVSS5.3AI score0.00288EPSS
Exploits1References5Affected Software1
cvelist
cvelist
added 2026/06/21 10:0 a.m.37 views

CVE-2026-12799 BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

5.3CVSS0.00288EPSS
Exploits1References5
osv
osv
added 2026/06/21 10:0 a.m.4 views

CVE-2026-12799 BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

5.3CVSS5.7AI score0.00288EPSS
Exploits1References7
github
github
added 2026/05/21 9:30 p.m.12 views

LiteLLM allows an authenticated internal_user to create API keys with access to routes that their role does not permit

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS6.1AI score0.00739EPSS
Exploits3References10Affected Software1
osv
osv
added 2026/05/21 9:30 p.m.3 views

GHSA-QRC4-49GV-MV9M LiteLLM allows an authenticated internal_user to create API keys with access to routes that their role does not permit

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS6.1AI score0.00739EPSS
Exploits3References10
cvelist
cvelist
added 2026/05/21 8:33 p.m.43 views

CVE-2026-47101 LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS0.00739EPSS
Exploits3References8
attackerkb
attackerkb
added 2026/05/21 8:33 p.m.10 views

CVE-2026-47101

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS5.8AI score0.00739EPSS
Exploits3References8
vulnrichment
vulnrichment
added 2026/05/21 8:33 p.m.11 views

CVE-2026-47101 LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS5.8AI score0.00739EPSS
Exploits3References8
euvd
euvd
added 2026/05/21 8:33 p.m.12 views

EUVD-2026-31346

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS5.8AI score0.00739EPSS
Exploits3References7
osv
osv
added 2026/05/21 8:33 p.m.2 views

CVE-2026-47101 LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.7CVSS7.3AI score0.00739EPSS
Exploits3References14
cve
cve
added 2026/05/21 8:33 p.m.30 views

CVE-2026-47101

LiteLLM prior to 1.83.14 is affected. An authenticated internal_user can generate API keys where allowed_routes may include admin-only routes, bypassing role-based access controls because the system does not verify that the requested routes fall within the creator’s permissions. This enables priv...

8.8CVSS5.8AI score0.00739EPSS
Exploits3References11Affected Software1
cnnvd
cnnvd
added 2026/05/21 12:0 a.m.12 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Versions of LiteLLM prior to 1.83.14 contained a security vulnerability. This vulnerability stemmed from the lack of verification of whether the allowedroutes field was within the user’s...

8.8CVSS5.8AI score0.00739EPSS
Exploits3References1
ptsecurity
ptsecurity
added 2026/04/02 12:0 a.m.6 views

PT-2026-29794

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...

9.9CVSS6AI score0.00289EPSS
Exploits1References4
Rows per page
Query Builder