GHSA-FJCF-3J3R-78RP LiteLLM Has an Improper Authorization Vulnerability

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

CVE-2024-37282

It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated privileges...

CVE-2023-22497 Netdata is vulnerable to improper authentication

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...

Samsung SmartThings Privilege Management Vulnerability (CNVD-2025-02721)

Samsung SmartThings is an app from Samsung South Korea that connects smart devices. A privilege management vulnerability exists in Samsung SmartThings versions prior to 1.7.73.22, which stems from improper privilege management of the API key used by SmartThings, and can be exploited by an attacke...