113 matches found
CVE-2026-35029 LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configuration and environment...
LiteLLM 安全漏洞
LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Versions of LiteLLM prior to 1.83.0 contained a security vulnerability. This vulnerability stemmed from the lack of enforceable administrator role authorization for the...
CVE-2024-14025
An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the...
CVE-2026-21725 Authorization Bypass via TOCTOU in Grafana Datasource Deletion by Name
A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...
CVE-2026-25875
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims role and scope without enforcing server-side role verification...
CVE-2026-25875
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims role and scope without enforcing server-side role verification...
CVE-2026-25875
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims role and scope without enforcing server-side role verification...
PlaciPy 安全漏洞
PlaciPy is an open-source employment management system developed by Praskla Technology. It aims to simplify the employment processes for students, trainers, and administrators in educational institutions. Version 1.0.0 of PlaciPy contains a security vulnerability. This vulnerability stems from th...
CVE-2023-45832
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Martin Gibson WP GoToWebinar plugin = 14.45 versions...
GHSA-VCWH-PFF9-64CC RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation
Summary The ImportIam admin API validates permissions using ExportIAMAction instead of ImportIAMAction, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data performs privileged write actions creating/updating users, groups, policies, and...
EUVD-2020-25966
Malware in sbrugna...
CVE-2025-61777
Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...
EUVD-2023-28035
Malicious code in bioql PyPI...
PYSEC-2025-96
An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the server is not proper...
CVE-2024-20537
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker...
Cisco Identity Services Engine 安全漏洞
Cisco Identity Services Engine Cisco ISE is an environment-aware platform ISE Identity Services Engine from Cisco USA. The platform regulates the network by collecting real-time information from the network, users, and devices, and formulating and enforcing policies accordingly. The Cisco Identit...
PT-2024-31948 · Sourcecodester · Sourcecodester Online Medicine Ordering System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Medicine Ordering System version 1.0 Description: The issue is related to Incorrect Access Control, where there is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level...
CVE-2024-34716
PrestaShop CVE-2024-34716 is a XSS flaw affecting 8.1.0–8.1.5 when the customer-thread feature flag is enabled. An attacker can upload a malicious file via the front-office contact form and trigger script execution when an admin opens the attachment in back office, potentially leaking session dat...
CVE-2023-23702
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...