Lucene search
K

297 matches found

OSV
OSV
added yesterday3 views

ROOT-APP-PYPI-CVE-2026-48817 CVE-2026-48817 in rootio-starlette - Patched by Root

Root has patched CVE-2026-48817 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

5.3CVSS6.1AI score0.00213EPSS
Exploits0
OSV
OSV
added yesterday18 views

ROOT-APP-PYPI-CVE-2026-48710 CVE-2026-48710 in rootio-starlette - Patched by Root

Root has patched CVE-2026-48710 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

6.5CVSS5.8AI score0.01438EPSS
Exploits2
OSV
OSV
added yesterday17 views

ROOT-APP-PYPI-CVE-2025-62727 CVE-2025-62727 in rootio-starlette - Patched by Root

Root has patched CVE-2025-62727 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.00638EPSS
Exploits0
OSV
OSV
added yesterday9 views

ROOT-APP-PYPI-CVE-2026-48818 CVE-2026-48818 in rootio-starlette - Patched by Root

Root has patched CVE-2026-48818 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.2AI score0.00368EPSS
Exploits0
OSV
OSV
added yesterday9 views

ROOT-APP-PYPI-CVE-2026-54283 CVE-2026-54283 in rootio-starlette - Patched by Root

Root has patched CVE-2026-54283 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.2AI score0.00275EPSS
Exploits0
OSV
OSV
added yesterday12 views

ROOT-APP-PYPI-CVE-2025-54121 CVE-2025-54121 in rootio-starlette - Patched by Root

Root has patched CVE-2025-54121 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

5.3CVSS7.5AI score0.0053EPSS
Exploits0
OSV
OSV
added yesterday2 views

ROOT-APP-PYPI-CVE-2026-54282 CVE-2026-54282 in rootio-starlette - Patched by Root

Root has patched CVE-2026-54282 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

5.3CVSS6.1AI score0.00187EPSS
Exploits0
Nuclei
Nuclei
added yesterday12 views

Starlette - Improper Validation of Unsafe Equivalence in Input

A flaw was found in Starlette, a lightweight ASGI Asynchronous Server Gateway Interface framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

6.5CVSS6.3AI score0.01438EPSS
Exploits2References2
OSV
OSV
added 2 days ago4 views

ROOT-APP-PYPI-CVE-2023-30798 CVE-2023-30798 in rootio-starlette - Patched by Root

Root has patched CVE-2023-30798 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.01288EPSS
Exploits0
OSV
OSV
added 2 days ago7 views

ROOT-APP-PYPI-CVE-2024-47874 CVE-2024-47874 in rootio-starlette - Patched by Root

Root has patched CVE-2024-47874 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

5.4AI score0.00658EPSS
Exploits0
Nuclei
Nuclei
added 2 days ago15 views

LiteLLM - Command Injection

A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the /mcp-rest/test/connection endpoint with controlled parameters, resulting in arbitrary command...

8.8CVSS7.2AI score0.80188EPSS
Exploits4References4
RedhatCVE
RedhatCVE
added 2026/07/01 2:30 p.m.25 views

CVE-2026-54283

A flaw was found in Starlette where the request.form method silently ignores configured resource limits maxfields and maxpartsize when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number...

7.5CVSS5.6AI score0.00275EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.17 views

Security update for python-starlette (important)

openSUSE security update: security update for python-starlette ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21053-1 Rating: important References: bsc1268389 bsc1268517 bsc1268520 Cross-References: CVE-2026-48817 CVE-2026-54282 CVE-2026-54283 CVSS...

8.7CVSS6.2AI score0.00275EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 4:50 a.m.15 views

CVE-2026-54282

A flaw was found in Starlette, a lightweight Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.3.0, the HTTP request path was not properly validated when reconstructing the request.url. A remote attacker could craft a malicious HTTP request path that does not begin with a...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/25 10:37 p.m.4 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python-sentry-sdk: python3-sentry-sdk+aiohttp-2.48.0-6.hum1 noarch python3-sentry-sdk+asyncpg-2.48.0-6.hum1 noarch python3-sentry-sdk+bottle-2.48.0-6.hum1 noarch...

8.2CVSS6.3AI score0.00527EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 9:41 p.m.2 views

SUSE-SU-2026:22360-1 Security update for python-starlette

This update for python-starlette fixes the following issues - CVE-2026-48817: arbitrary HTTP method dispatched to HTTPEndpoint attributes via getattr bsc1268389. - CVE-2026-54282: request path that lacks a leading forward slash can lead to request.url.hostname manipulation bsc1268520. -...

7.5CVSS5.9AI score0.00275EPSS
Exploits0References7
OSV
OSV
added 2026/06/24 9:39 p.m.3 views

OPENSUSE-SU-2026:21053-1 Security update for python-starlette

This update for python-starlette fixes the following issues - CVE-2026-48817: arbitrary HTTP method dispatched to HTTPEndpoint attributes via getattr bsc1268389. - CVE-2026-54282: request path that lacks a leading forward slash can lead to request.url.hostname manipulation bsc1268520. -...

7.5CVSS5.9AI score0.00275EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/22 9:57 p.m.4 views

CVE-2026-48746 vLLM: OpenAI auth bypass

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS5.9AI score0.01014EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 9:57 p.m.118 views

CVE-2026-48746

vLLM OpenAI auth bypass (CVE-2026-48746) affects vLLM versions 0.3.0 through 0.21.0. Root cause: ASGI servers and Starlette trust the Host header from the request scope, enabling manipulation of the reconstructed URL path and bypassing the OpenAI API AuthenticationMiddleware for routes beginning ...

9.1CVSS5.9AI score0.01014EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2026/06/22 9:57 p.m.77 views

CVE-2026-48746 vLLM: OpenAI auth bypass

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS0.01014EPSS
Exploits0References3
Rows per page
Query Builder