780 matches found
AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls
The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ayschatgptdisconnect, ayschatgptconnect, and ayschatgptsavefeedback id: CVE-2024-7714 info: name: AI Assistant with...
SmartSearchWP < 2.4.6 - OpenAI Key Disclosure
The plugin does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key. id: CVE-2024-6845 info: name: SmartSearchWP 2.4.6 - OpenAI Key Disclosure author: s4e-io severity: medium...
LiteLLM - Server-Side Request Forgery
LiteLLM vulnerable to Server-Side Request Forgery SSRF vulnerability Exposes OpenAI API Keys. id: CVE-2024-6587 info: name: LiteLLM - Server-Side Request Forgery author: pdresearch,iamnoooob,rootxharsh,lambdasawa severity: high description: | LiteLLM vulnerable to Server-Side Request Forgery SSRF...
Malicious code in hehehe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 588dd776720f805d7d84a58c93ffcd21ed860e3fc21a48787d732eb6180b974d Package is published as an 'enterprise Windows Diagnostic Utility' but is an anti-proctoring cheating tool that also steals the installer's browser...
MAL-2026-10732 Malicious code in hehehe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 588dd776720f805d7d84a58c93ffcd21ed860e3fc21a48787d732eb6180b974d Package is published as an 'enterprise Windows Diagnostic Utility' but is an anti-proctoring cheating tool that also steals the installer's browser...
EUVD-2026-44953
text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...
[SECURITY] Fedora 43 Update: python-tiktoken-0.13.0-2.fc43
tiktoken is a fast BPE tokeniser for use with OpenAI's models...
[SECURITY] Fedora 44 Update: python-tiktoken-0.13.0-2.fc44
tiktoken is a fast BPE tokeniser for use with OpenAI's models...
CVE-2026-47475
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-24271
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-24271
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-24271
NVIDIA TensorRT-LLM’s OpenAI-compatible inference API (CVE-2026-24271) is vulnerable to unthrottled GPU resource allocation, potentially causing denial of service. The affected product is NVIDIA TensorRT-LLM; the issue stems from uncontrolled resource allocation within the inference API. The secu...
CVE-2026-47475
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-47475
Summary of CVE-2026-47475 (NVIDIA TensorRT-LLM) : A vulnerability in the OpenAI-compatible inference API could allow an attacker to trigger a reachable assertion in the sampler thread, potentially causing a denial of service. The issue is scoped to NVIDIA TensorRT-LLM, with local attack vector an...
CVE-2026-62186
OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...
PT-2026-57888
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.6.8 Description An authorization bypass exists in OpenAI-compatible HTTP model overrides. This issue allows callers with lower trust levels to perform actions that typically require stronger authorization checks...
EUVD-2026-43057
Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...
CVE-2026-13233
Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...
CVE-2026-13233
The CVE-2026-13233 entry describes a Server-Side Request Forgery (SSRF) in the Drupal OpenAI Provider module. Affected are Drupal OpenAI Provider versions 0.0.0–1.1.1 and 1.2.0–1.2.2. Root cause: insufficient sanitization of user-supplied URLs, enabling SSRF. Impact is limited to the described vu...
CVE-2026-13233 OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053
Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...