5 matches found
CVE-2026-58446
CVE-2026-58446 affects Presenton before 0.8.8-beta. The MCP server deployed with session authentication in server/Docker setups is reachable unauthenticated at /mcp because the nginx front-end does not apply the auth gate to that path, and the MCP server auto-mints a valid internal session token ...
GHSA-FJCF-3J3R-78RP LiteLLM Has an Improper Authorization Vulnerability
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...
CVE-2024-37282
It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated privileges...
CVE-2023-22497 Netdata is vulnerable to improper authentication
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...
Samsung SmartThings Privilege Management Vulnerability (CNVD-2025-02721)
Samsung SmartThings is an app from Samsung South Korea that connects smart devices. A privilege management vulnerability exists in Samsung SmartThings versions prior to 1.7.73.22, which stems from improper privilege management of the API key used by SmartThings, and can be exploited by an attacke...