Lucene search
K

21 matches found

EUVD
EUVD
added 2026/06/29 5:18 p.m.7 views

EUVD-2026-40162

PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' profile information by sending requests to arbitrary user endpoints. Attackers can exploit the missing session-to-user identifier validation in the PU...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References3
NVD
NVD
added 2026/06/21 10:16 a.m.14 views

CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

5.3CVSS0.00288EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/21 10:0 a.m.3 views

CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

5.3CVSS5.3AI score0.00288EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/06/21 10:0 a.m.12 views

EUVD-2026-38158

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

8.1CVSS6AI score0.00315EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/21 10:0 a.m.35 views

CVE-2026-12799 BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

5.3CVSS0.00288EPSS
Exploits1References5
CVE
CVE
added 2026/06/21 10:0 a.m.45 views

CVE-2026-12799

The CVE-2026-12799 entry concerns BerriAI litellm up to version 1.82.2. The vulnerability affects the function ui_view_users in litellm/proxy/management_endpoints/internal_user_endpoints.py (component: Incomplete Fix CVE-2025-0628) and enables improper authorization. The issue can be exploited re...

5.3CVSS5.3AI score0.00288EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/06/04 7:32 a.m.12 views

EUVD-2026-34224

Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service...

7.1CVSS5.8AI score0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Prior to version 1.83.10, LiteLLM had a security vulnerability. This vulnerability stemmed from the lack of restrictions on the fields that could be modified by the /user and /update...

8.8CVSS5.8AI score0.00653EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. A security vulnerability existed in versions of Weblate prior to 5.17, which stemmed from the incorrect limitation of editing ranges in user-managed API endpoints...

8.8CVSS5.8AI score0.00391EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

Discourse 信息泄露漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from insufficient authorization checks on user-operated...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/09 8:11 p.m.39 views

CVE-2026-25045 Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role)

Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR Insecure Direct Object Reference due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...

8.7CVSS0.00292EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/07 2:10 a.m.7 views

Firefly III user API endpoints expose all users' information to any authenticated user (IDOR)

Summary The User management API endpoints GET /api/v1/users and GET /api/v1/users/id are accessible to any authenticated user without admin/owner role verification, exposing all users' email addresses, roles, and account status. Affected Endpoints 1. GET /api/v1/users UserController::index, line ...

5.8AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/13 1:30 a.m.4 views

CVE-2025-64487

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in...

7.6CVSS5.5AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/02/11 8:25 p.m.22 views

CVE-2025-64487

Outline is a collaborative documentation service. CVE-2025-64487 describes a privilege escalation in the Outline document management system caused by inconsistent authorization checks between user and group membership endpoints, prior to version 1.1.0. The issue enables lower-privilege users to e...

7.6CVSS5.5AI score0.00197EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/11 8:25 p.m.3 views

CVE-2025-64487 Outline is vulnerable to privilege escalation vulnerability in document sharing

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in...

7.6CVSS5.5AI score0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27977

Malicious code in bioql PyPI...

9.3CVSS6.6AI score0.00486EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/14 12:0 a.m.3 views

PT-2024-26293 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to and including 1.2.5 Description: An information disclosure issue exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This occurs when authenticated users inspect...

9.1CVSS8.6AI score0.00403EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/11/14 12:0 a.m.11 views

PT-2024-26289 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to and including 1.2.5 Description: An information disclosure issue exists due to the inclusion of single-use tokens in the responses of GET /v1/users/me and GET /v1/users/me/org API endpoints. These tokens,...

9.1CVSS9AI score0.00403EPSS
Exploits0References8
CVE
CVE
added 2024/08/20 2:43 p.m.68 views

CVE-2024-43377

CVE-2024-43377 affects Umbraco CMS (ASP.NET). An authenticated user could access a small set of unintended endpoints due to insufficient access restrictions in the Umbraco Management API. The issue is mitigated by upgrading to version 14.1.2 or newer, which fixes the vulnerability. The public adv...

5.4CVSS5.2AI score0.00244EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2023/03/13 12:23 p.m.3 views

How to Apply NIST Principles to SaaS in 2023

The National Institute of Standards and Technology NIST is one of the standard-bearers in global cybersecurity. The U.S.-based institute's cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance ...

7.5AI score
Exploits0
Rows per page
Query Builder