5 matches found

The Hacker News
added 2026/06/15 4:39 p.m., 16 views

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed. LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one...

8.8 CVSS, 6 AI score, 0.00739 EPSS
Exploits 4
CNNVD
added 2025/09/03 12:0 a.m., 5 views

Envoy Code Issue Vulnerability

Envoy is an Enphase open source gateway program for connecting smart home devices. A code issue vulnerability exists in Envoy, which stems from the OAuth2 filter omitting the Secure attribute when deleting session cookies with the __Secure-/__Host- prefix, resulting in the browser rejecting the delet...

8.8 CVSS, 6.7 AI score, 0.0031 EPSS
Exploits 1, References 3
CNNVD
added 2024/09/19 12:0 a.m., 3 views

Envoy Security Vulnerability

Envoy is an Enphase open source gateway program for connecting smart home devices. A security vulnerability exists in Envoy version 1.32.0, which stems from a vulnerability that allows an attacker to inject unexpected content into the access log by exploiting insufficient validation of the...

6.5 CVSS, 6.4 AI score, 0.00353 EPSS
Exploits 0, References 3
CNNVD
added 2024/09/19 12:0 a.m., 3 views

Envoy Security Vulnerability

Envoy is an Enphase open source gateway program for connecting smart home devices. A security vulnerability exists in versions prior to Envoy 1.32.0 that stems from allowing an external client to manipulate the Envoy header, which can lead to unauthorized access or other malicious operations with...

6.5 CVSS, 7.2 AI score, 0.00378 EPSS
Exploits 0, References 4
CNNVD
added 2024/09/19 12:0 a.m., 4 views

Identifier Withdrawn

Envoy is an Enphase open source gateway program for connecting smart home devices. This CVE number has been withdrawn...

7.5 AI score
Exploits 0, References 4