CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

CVE-2026-12799 BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

EUVD-2026-38158

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

CVE-2026-12799

The CVE-2026-12799 entry concerns BerriAI litellm up to version 1.82.2. The vulnerability affects the function ui_view_users in litellm/proxy/management_endpoints/internal_user_endpoints.py (component: Incomplete Fix CVE-2025-0628) and enables improper authorization. The issue can be exploited re...

EUVD-2026-34224

Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service...

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Prior to version 1.83.10, LiteLLM had a security vulnerability. This vulnerability stemmed from the lack of restrictions on the fields that could be modified by the /user and /update...

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. A security vulnerability existed in versions of Weblate prior to 5.17, which stemmed from the incorrect limitation of editing ranges in user-managed API endpoints...

Discourse 信息泄露漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from insufficient authorization checks on user-operated...

CVE-2026-25045 Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role)

Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR Insecure Direct Object Reference due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...

Firefly III user API endpoints expose all users' information to any authenticated user (IDOR)

Summary The User management API endpoints GET /api/v1/users and GET /api/v1/users/id are accessible to any authenticated user without admin/owner role verification, exposing all users' email addresses, roles, and account status. Affected Endpoints 1. GET /api/v1/users UserController::index, line ...

CVE-2025-64487

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in...

CVE-2025-64487 Outline is vulnerable to privilege escalation vulnerability in document sharing

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in...

CVE-2025-64487

Outline is a collaborative documentation service. CVE-2025-64487 describes a privilege escalation in the Outline document management system caused by inconsistent authorization checks between user and group membership endpoints, prior to version 1.1.0. The issue enables lower-privilege users to e...

EUVD-2025-27977

Malicious code in bioql PyPI...

PT-2024-26289 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to and including 1.2.5 Description: An information disclosure issue exists due to the inclusion of single-use tokens in the responses of GET /v1/users/me and GET /v1/users/me/org API endpoints. These tokens,...

PT-2024-26293 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to and including 1.2.5 Description: An information disclosure issue exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This occurs when authenticated users inspect...

CVE-2024-43377

CVE-2024-43377 affects Umbraco CMS (ASP.NET). An authenticated user could access a small set of unintended endpoints due to insufficient access restrictions in the Umbraco Management API. The issue is mitigated by upgrading to version 14.1.2 or newer, which fixes the vulnerability. The public adv...

How to Apply NIST Principles to SaaS in 2023

The National Institute of Standards and Technology NIST is one of the standard-bearers in global cybersecurity. The U.S.-based institute's cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance ...

WordPress plugin WP Cerber Security, Anti-spam & Malware Scan 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...