Lucene search
K

8 matches found

OSV
OSV
added 2026/04/03 9:59 p.m.6 views

GHSA-53MR-6C8Q-9789 LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint

Impact The /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following: - Modify proxy configuration and environment variables - Register custom pass-through endpoint handlers pointing to...

8.7CVSS6.3AI score0.26409EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2989

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00417EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:0 a.m.9 views

CVE-2023-47865

Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the...

4.3CVSS6.6AI score0.00417EPSS
Exploits0
CNNVD
CNNVD
added 2024/08/20 12:0 a.m.4 views

Joomla! 安全漏洞

Joomla! is a free, open source content management system from Joomla! open source. A security vulnerability exists in Joomla! versions 4.0.0 through 4.4.6 and 5.0.0 through 5.1.2, which stems from the presence of improper access control that allows a back-end user to override his or her username...

7.5CVSS6.3AI score0.00354EPSS
Exploits0References3
NVD
NVD
added 2023/11/27 9:15 a.m.20 views

CVE-2023-47865

Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the...

4.3CVSS0.00417EPSS
Exploits0References1
OSV
OSV
added 2023/11/27 9:5 a.m.9 views

CVE-2023-47865 Username and Icon override can be used by members when Hardened Mode is enabled

Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the...

4.3CVSS6AI score0.00417EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/11/27 12:0 a.m.3 views

PT-2023-30649 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue arises from Mattermost's failure to check if hardened mode is enabled when overriding the username and/or the icon when posting. If settings allow integrations to override the...

4.3CVSS4.3AI score0.00417EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/01/25 12:0 a.m.5 views

BoreD Agent 安全漏洞

BoreD Agent is an open source agent for the BoreD tunneling daemon from the US-based Lens team. A security vulnerability exists in BoreD Agent versions prior to v0.6.1, which stems from an inability to clear incoming kubernetes emulation headers, which can be exploited by an attacker to override...

8.8CVSS7.8AI score0.0088EPSS
Exploits0References2
Rows per page
Query Builder