Lucene search
+L

780 matches found

Nuclei
Nuclei
added yesterday43 views

AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls

The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ayschatgptdisconnect, ayschatgptconnect, and ayschatgptsavefeedback id: CVE-2024-7714 info: name: AI Assistant with...

7.5CVSS5.2AI score0.00848EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday24 views

SmartSearchWP < 2.4.6 - OpenAI Key Disclosure

The plugin does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key. id: CVE-2024-6845 info: name: SmartSearchWP 2.4.6 - OpenAI Key Disclosure author: s4e-io severity: medium...

5.3CVSS5.3AI score0.01113EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago88 views

LiteLLM - Server-Side Request Forgery

LiteLLM vulnerable to Server-Side Request Forgery SSRF vulnerability Exposes OpenAI API Keys. id: CVE-2024-6587 info: name: LiteLLM - Server-Side Request Forgery author: pdresearch,iamnoooob,rootxharsh,lambdasawa severity: high description: | LiteLLM vulnerable to Server-Side Request Forgery SSRF...

7.5CVSS7.7AI score0.37197EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago9 views

Malicious code in hehehe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 588dd776720f805d7d84a58c93ffcd21ed860e3fc21a48787d732eb6180b974d Package is published as an 'enterprise Windows Diagnostic Utility' but is an anti-proctoring cheating tool that also steals the installer's browser...

6.1AI score
Exploits0References2
OSV
OSV
added 3 days ago6 views

MAL-2026-10732 Malicious code in hehehe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 588dd776720f805d7d84a58c93ffcd21ed860e3fc21a48787d732eb6180b974d Package is published as an 'enterprise Windows Diagnostic Utility' but is an anti-proctoring cheating tool that also steals the installer's browser...

6.1AI score
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-44953

text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...

8.6CVSS6.2AI score0.00323EPSS
Exploits0References2
Fedora
Fedora
added 3 days ago14 views

[SECURITY] Fedora 43 Update: python-tiktoken-0.13.0-2.fc43

tiktoken is a fast BPE tokeniser for use with OpenAI's models...

6.1AI score
Exploits0
Fedora
Fedora
added 3 days ago15 views

[SECURITY] Fedora 44 Update: python-tiktoken-0.13.0-2.fc44

tiktoken is a fast BPE tokeniser for use with OpenAI's models...

6.1AI score
Exploits0
NVD
NVD
added 5 days ago6 views

CVE-2026-47475

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service...

6.2CVSS0.0012EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-24271

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service...

6.2CVSS0.0012EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago40 views

CVE-2026-24271

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service...

6.2CVSS0.0012EPSS
Exploits0References2
CVE
CVE
added 5 days ago10 views

CVE-2026-24271

NVIDIA TensorRT-LLM’s OpenAI-compatible inference API (CVE-2026-24271) is vulnerable to unthrottled GPU resource allocation, potentially causing denial of service. The affected product is NVIDIA TensorRT-LLM; the issue stems from uncontrolled resource allocation within the inference API. The secu...

6.2CVSS6.1AI score0.0012EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-47475

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service...

6.2CVSS0.0012EPSS
Exploits0References2
CVE
CVE
added 5 days ago10 views

CVE-2026-47475

Summary of CVE-2026-47475 (NVIDIA TensorRT-LLM) : A vulnerability in the OpenAI-compatible inference API could allow an attacker to trigger a reachable assertion in the sampler thread, potentially causing a denial of service. The issue is scoped to NVIDIA TensorRT-LLM, with local attack vector an...

6.2CVSS6.1AI score0.0012EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago4 views

CVE-2026-62186

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...

7.6CVSS6.2AI score0.00192EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-57888

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.6.8 Description An authorization bypass exists in OpenAI-compatible HTTP model overrides. This issue allows callers with lower trust levels to perform actions that typically require stronger authorization checks...

7.6CVSS6.2AI score0.00192EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/11 12:31 a.m.6 views

EUVD-2026-43057

Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...

6.1AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 10:16 p.m.4 views

CVE-2026-13233

Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...

3.3CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 9:44 p.m.12 views

CVE-2026-13233

The CVE-2026-13233 entry describes a Server-Side Request Forgery (SSRF) in the Drupal OpenAI Provider module. Affected are Drupal OpenAI Provider versions 0.0.0–1.1.1 and 1.2.0–1.2.2. Root cause: insufficient sanitization of user-supplied URLs, enabling SSRF. Impact is limited to the described vu...

3.3CVSS6.1AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 9:44 p.m.32 views

CVE-2026-13233 OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053

Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...

0.00161EPSS
Exploits0References1
Rows per page
Query Builder