Lucene search
+L

113 matches found

cvelist
cvelist
added 2026/04/06 4:35 p.m.36 views

CVE-2026-35029 LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configuration and environment...

8.7CVSS0.26409EPSS
Exploits2References1
cnnvd
cnnvd
added 2026/04/06 12:0 a.m.9 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Versions of LiteLLM prior to 1.83.0 contained a security vulnerability. This vulnerability stemmed from the lack of enforceable administrator role authorization for the...

8.8CVSS6.1AI score0.26409EPSS
Exploits2References1
osv
osv
added 2026/03/11 8:16 a.m.6 views

CVE-2024-14025

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the...

6.7CVSS6AI score
Exploits0References1
vulnrichment
vulnrichment
added 2026/02/25 12:35 p.m.6 views

CVE-2026-21725 Authorization Bypass via TOCTOU in Grafana Datasource Deletion by Name

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2.6CVSS5.8AI score0.00175EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/02/11 1:33 a.m.5 views

CVE-2026-25875

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims role and scope without enforcing server-side role verification...

9.8CVSS5.4AI score0.00288EPSS
Exploits0References1
nvd
nvd
added 2026/02/09 10:16 p.m.8 views

CVE-2026-25875

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims role and scope without enforcing server-side role verification...

9.8CVSS0.00288EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/09 9:7 p.m.6 views

CVE-2026-25875

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims role and scope without enforcing server-side role verification...

9.3CVSS5.4AI score0.00288EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/02/09 12:0 a.m.6 views

PlaciPy 安全漏洞

PlaciPy is an open-source employment management system developed by Praskla Technology. It aims to simplify the employment processes for students, trainers, and administrators in educational institutions. Version 1.0.0 of PlaciPy contains a security vulnerability. This vulnerability stems from th...

9.8CVSS5.8AI score0.00288EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 9:28 a.m.8 views

CVE-2023-45832

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Martin Gibson WP GoToWebinar plugin = 14.45 versions...

5.9CVSS5.6AI score0.00418EPSS
Exploits0References1
osv
osv
added 2026/01/08 8:36 p.m.6 views

GHSA-VCWH-PFF9-64CC RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation

Summary The ImportIam admin API validates permissions using ExportIAMAction instead of ImportIAMAction, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data performs privileged write actions creating/updating users, groups, policies, and...

7.1CVSS5.8AI score0.00392EPSS
Exploits1References3
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-25966

Malware in sbrugna...

4.9CVSS5.2AI score0.00832EPSS
Exploits0References3
nvd
nvd
added 2025/10/06 5:16 p.m.14 views

CVE-2025-61777

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

9.4CVSS0.00427EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.11 views

EUVD-2023-28035

Malicious code in bioql PyPI...

5.9CVSS5.2AI score0.00392EPSS
Exploits0References1
pypa
pypa
added 2025/03/20 10:15 a.m.15 views

PYSEC-2025-96

An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the server is not proper...

6.5CVSS6.6AI score0.006EPSS
Exploits1References1Affected Software1
osv
osv
added 2024/11/06 5:15 p.m.3 views

CVE-2024-20537

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker...

6.5CVSS5.8AI score0.00473EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/11/06 12:0 a.m.11 views

Cisco Identity Services Engine 安全漏洞

Cisco Identity Services Engine Cisco ISE is an environment-aware platform ISE Identity Services Engine from Cisco USA. The platform regulates the network by collecting real-time information from the network, users, and devices, and formulating and enforcing policies accordingly. The Cisco Identit...

4.9CVSS5.8AI score0.00344EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/09/30 12:0 a.m.6 views

PT-2024-31948 · Sourcecodester · Sourcecodester Online Medicine Ordering System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Medicine Ordering System version 1.0 Description: The issue is related to Incorrect Access Control, where there is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level...

9.8CVSS6.9AI score0.00421EPSS
Exploits0References8
cve
cve
added 2024/05/14 3:45 p.m.309 views

CVE-2024-34716

PrestaShop CVE-2024-34716 is a XSS flaw affecting 8.1.0–8.1.5 when the customer-thread feature flag is enabled. An attacker can upload a malicious file via the front-office contact form and trigger script execution when an admin opens the attachment in back office, potentially leaking session dat...

9.6CVSS8AI score0.5617EPSS
Exploits2References2Affected Software1
nvd
nvd
added 2023/11/06 10:15 a.m.24 views

CVE-2023-23702

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...

5.9CVSS4.9AI score0.00316EPSS
Exploits0References1
prion
prion
added 2023/11/06 10:15 a.m.16 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...

4.3CVSS6AI score0.00316EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder