
188 matches found

NVD
added last week

CVE-2026-12797

A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack ma...

CVSS 6.5 | EPSS 0.00226
Exploits: 1 | References: 5
EUVD
added last week

EUVD-2026-38156

A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack ma...

CVSS 6.5 | AI score 6.1 | EPSS 0.00226
Exploits: 1 | References: 5
ATTACKERKB
added last week

CVE-2026-12797

A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack ma...

CVSS 6.5 | AI score 6.1 | EPSS 0.00226
Exploits: 1 | References: 5 | Affected software: 1
CVE
added last week

CVE-2026-12797

Technical details about CVE-2026-12797 are not publicly available in the provided documents. Monitor for updates from official advisories and vendor notices to obtain affected products, vulnerable components, and remediation information.

CVSS 6.5 | AI score 6.1 | EPSS 0.00226
Exploits: 1 | References: 5 | Affected software: 1
Positive Technologies
added 2026/06/21 12:00 a.m.

PT-2026-51211

Name of the vulnerable software and affected versions: BerriAI litellm versions prior to 1.82.6
Description: An authorization bypass exists in the Completions Interface. The issue occurs within the async_pre_call_hook function located in the enterprise/enterprise_hooks/banned_keywords.py file. Remo...

CVSS 6.5 | AI score 6.6 | EPSS 0.00226
Exploits: 1 | References: 12
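The five litellm entries above say only that the banned-keywords hook runs in async_pre_call_hook and that the `prompt` argument can be manipulated to get past it; the truncated text never names the root cause. The block below is an added illustration, not litellm's code: it assumes the cause is a field-coverage gap (the check reads one representation of the request text and not the others) and shows a pre-call check that walks every text-bearing field beside a narrow one that reads only chat `messages`. The keyword list, request shapes and function names are constructed for the example.

```python
"""Added illustration, not litellm's code: a banned-keyword pre-call check that reads every
text-bearing field of a request, beside a narrow version that only reads chat messages.
The field-coverage gap is an assumed cause, used to show the class of bug."""
import unicodedata
from typing import Any, Iterator

# Constructed policy list; a real deployment loads this from configuration.
BANNED_KEYWORDS = frozenset({"secret-project-x", "payroll-export"})


def iter_message_text(data: dict[str, Any]) -> Iterator[str]:
    """Narrow walk: chat `messages` whose `content` is a plain string, nothing else."""
    for message in data.get("messages") or []:
        if isinstance(message, dict) and isinstance(message.get("content"), str):
            yield message["content"]


def iter_request_text(data: dict[str, Any]) -> Iterator[str]:
    """Broad walk: string and multi-part chat content, text-completion `prompt` (string or
    list of strings) and embedding `input`, so no representation of the text skips the check."""
    for message in data.get("messages") or []:
        if not isinstance(message, dict):
            continue
        content = message.get("content")
        if isinstance(content, str):
            yield content
        elif isinstance(content, list):  # OpenAI-style parts: [{"type": "text", "text": ...}, ...]
            for part in content:
                if isinstance(part, dict) and isinstance(part.get("text"), str):
                    yield part["text"]
    for field in ("prompt", "input"):
        value = data.get(field)
        if isinstance(value, str):
            yield value
        elif isinstance(value, list):
            yield from (item for item in value if isinstance(item, str))


def _normalise(text: str) -> str:
    """Fold case and compatibility forms so trivial spelling variants match the same keyword."""
    return unicodedata.normalize("NFKC", text).casefold()


def _violations(texts: Iterator[str]) -> list[str]:
    found = set()
    for text in texts:
        folded = _normalise(text)
        found.update(keyword for keyword in BANNED_KEYWORDS if keyword in folded)
    return sorted(found)


def pre_call_check_narrow(data: dict[str, Any]) -> list[str]:
    """Banned keywords found when only `messages[*].content` strings are inspected."""
    return _violations(iter_message_text(data))


def pre_call_check(data: dict[str, Any]) -> list[str]:
    """Banned keywords found when every text-bearing field is inspected. An empty list
    means the request may proceed; anything else should be rejected before the model call."""
    return _violations(iter_request_text(data))


if __name__ == "__main__":
    # Constructed requests: the same banned term carried three different ways.
    chat = {"messages": [{"role": "user", "content": "What is Secret-Project-X?"}]}
    completion = {"prompt": ["Summarise the payroll-export table"]}
    parts = {"messages": [{"role": "user", "content": [{"type": "text", "text": "payroll-export"}]}]}
    for name, request in (("chat", chat), ("prompt list", completion), ("content parts", parts)):
        print(f"{name:13} narrow={pre_call_check_narrow(request)} broad={pre_call_check(request)}")
```

The point of the broad walk is that a keyword policy is only as strong as the least-covered input path: whichever field the narrow check ignores becomes the bypass, regardless of how good the keyword matching is.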
RedhatCVE
added 2026/06/05 7:36 p.m.

CVE-2026-41891

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...

CVSS 5.3 | AI score 5.3 | EPSS 0.00269
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:26 p.m.

CVE-2026-39418

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto with the MSG_FASTOPEN flag. This allows an authenticated user with tool-editing permissions to reach internal services that are explicitly blocked by the...

CVSS 7.4 | AI score 5.3 | EPSS 0.00198
Exploits: 0 | References: 1
CVE
added 2026/06/03 1:17 p.m.

CVE-2026-44546

The vulnerability (CVE-2026-44546) affects the Daphne web server prior to 4.2.2. It stems from a parser differential between Twisted and Autobahn: Twisted does not treat certain bytes (0x0b, 0x0c, 0x1c, 0x1d, 0x1e, 0x85) as header separators, while Autobahn decodes header values to str and calls ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00172
Exploits: 0 | References: 1 | Affected software: 1
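The Daphne entry above is cut off before it names the call Autobahn makes on the decoded value. The block below is an added example, not Daphne's, Twisted's or Autobahn's code; it assumes that call is str.splitlines(), because the set of single bytes that str.splitlines() treats as line boundaries while a CRLF-only byte parser does not is exactly the six the entry lists. It derives that set, runs a constructed header block through a CRLF-only byte parser, shows how the same value changes shape once it is decoded and line-split as text, and gives a check that rejects such values before they are reinterpreted. The header names and values are constructed for the example.

```python
"""Added example, not Daphne's, Twisted's or Autobahn's code: the bytes-versus-str line-boundary
differential behind the CVE-2026-44546 entry, reproduced with the standard library only."""


def splitlines_only_boundaries() -> list[int]:
    """Single bytes that str.splitlines() treats as a line boundary but bytes.splitlines()
    does not. bytes.splitlines() splits on \\n and \\r only, which is what a CRLF-oriented
    byte parser sees; str.splitlines() also honours VT, FF, FS, GS, RS and NEL."""
    found = []
    for b in range(256):
        as_str = ("a" + chr(b) + "b").splitlines()          # latin-1: byte b is code point b
        as_bytes = (b"a" + bytes([b]) + b"b").splitlines()
        if len(as_str) > 1 and len(as_bytes) == 1:
            found.append(b)
    return found


def parse_headers_crlf(raw: bytes) -> dict[bytes, bytes]:
    """Byte-level header parser that, like the CRLF-only parser the entry describes, keeps
    everything between two CRLFs inside one header value."""
    headers: dict[bytes, bytes] = {}
    for line in raw.split(b"\r\n"):
        if not line:
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return headers


def reinterpret_as_str(value: bytes) -> list[str]:
    """What a consumer sees if it decodes the value and line-splits it as text: one header
    value from the byte parser can become several 'lines' here."""
    return value.decode("latin-1").splitlines()


def header_value_is_safe(value: bytes) -> bool:
    """Accept a value only if text-level line splitting cannot change its shape. This catches
    the six differential bytes and bare CR/LF alike, without keeping a hand-written list."""
    decoded = value.decode("latin-1")
    return decoded == "" or decoded.splitlines() == [decoded]


def offending_headers(headers: dict[bytes, bytes]) -> list[bytes]:
    """Names of headers whose values would be reinterpreted as more than one line."""
    return [name for name, value in headers.items() if not header_value_is_safe(value)]


# Constructed request fragment: one header value carries a 0x0b (VT) byte.
SAMPLE_HEADERS = (
    b"Host: app.example\r\n"
    b"X-Forwarded-For: 203.0.113.7\x0bX-Internal-Admin: 1\r\n"
)

if __name__ == "__main__":
    print("differential bytes:", [hex(b) for b in splitlines_only_boundaries()])
    parsed = parse_headers_crlf(SAMPLE_HEADERS)
    print("byte parser sees  :", parsed[b"x-forwarded-for"])
    print("str consumer sees :", reinterpret_as_str(parsed[b"x-forwarded-for"]))
    print("reject            :", offending_headers(parsed))
```

The fix pattern is to validate at the boundary where the bytes are still bytes: whichever component decodes a header value to str must refuse (or at minimum must not line-split) anything that str treats as a boundary but the wire parser did not.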
CVE
added 2026/05/07 3:24 a.m.

CVE-2026-41891

CI4MS (CodeIgniter 4-based CMS skeleton) has a deactivated/banned user bypass in versions 0.26.0–0.31.7.x due to the auth filter’s deactivated user check being commented out. The issue arises when an admin deactivates a user (active=0) after login: the user’s session remains valid and auth()->...

CVSS 5.3 | AI score 5.7 | EPSS 0.00269
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/04 12:00 a.m.

PT-2026-37161

Name of the vulnerable software and affected versions: CI4MS versions 0.26.0 through 0.31.7.0
Description: The auth filter contains commented-out code for checking if a user is deactivated or banned. While the loggedIn function in CodeIgniter Shield verifies the status field to identify banned user...

CVSS 5.3 | AI score 5.9 | EPSS 0.00269
Exploits: 0 | References: 6
CVE
added 2026/04/14 12:08 a.m.

CVE-2026-39418

CVE-2026-39418 MaxKB is affected in versions ≤ 2.7.1 where the sandbox’s network protection can be bypassed. An authenticated user with tool-editing permissions can reach internal services blocked by the sandbox by using socket.sendto() with the MSG_FASTOPEN flag. MaxKB’s sandbox relies on LD_PRE...

CVSS 7.4 | AI score 5.7 | EPSS 0.00198
Exploits: 0 | References: 3 | Affected software: 1
Positive Technologies
added 2026/04/14 12:00 a.m.

PT-2026-32573

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto with the MSG_FASTOPEN flag. This allows an authenticated user with tool-editing permissions to reach internal services that are explicitly blocked by th...

CVSS 5 | AI score 5.7 | EPSS 0.00198
Exploits: 0 | References: 4
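The three MaxKB entries above describe a sandbox whose network protection is tied to connect() (the text breaks off at "relies on LD_PRE...") and a bypass through socket.sendto with MSG_FASTOPEN, which on Linux makes the kernel perform the TCP connect itself (TCP Fast Open, RFC 7413) without the caller ever calling connect(). The block below is an added example, not MaxKB's sandbox code: it models a connect()-only guard as a socket subclass, a hardened guard that checks every call carrying a destination address, and a probe that reaches a local port with a single sendto(MSG_FASTOPEN). The denylist, the guard classes and the probe are constructed for the example; the probe needs a Linux loopback interface and a free local port, nothing else.

```python
"""Added example, not MaxKB's code: why a connect()-only egress hook is not an egress policy.
A guard that only intercepts connect()/connect_ex() never sees sendto()/sendmsg() calls that
carry a destination, and sendto(..., MSG_FASTOPEN, addr) on an unconnected TCP socket connects."""
import ipaddress
import socket

# Constructed policy: the "internal" ranges the sandbox is supposed to block.
DENIED_NETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8", "169.254.0.0/16")]
# Python exposes MSG_FASTOPEN only where the platform defines it; 0x20000000 is Linux's value.
MSG_FASTOPEN = getattr(socket, "MSG_FASTOPEN", 0x20000000)


def check_destination(address) -> None:
    """Raise PermissionError for a denied destination. Only IP literals are accepted: name
    resolution must happen before the policy decision, never inside it."""
    host, port = address[0], address[1]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        raise PermissionError(f"egress policy: resolve {host!r} before connecting") from None
    if any(ip in net for net in DENIED_NETWORKS):
        raise PermissionError(f"egress policy: {host}:{port} is denied")


class ConnectOnlyGuard(socket.socket):
    """Weak guard modelled on a connect()-hooking sandbox: every other connection-initiating
    call falls through to the kernel unchecked."""

    def connect(self, address):
        check_destination(address)
        return super().connect(address)

    def connect_ex(self, address):
        check_destination(address)
        return super().connect_ex(address)


class EgressGuard(ConnectOnlyGuard):
    """Hardened guard: any call that can carry a destination is checked before the syscall."""

    def sendto(self, data, *args):
        # socket.sendto(data, address) or socket.sendto(data, flags, address): address is last.
        check_destination(args[-1])
        return super().sendto(data, *args)

    def sendmsg(self, buffers, ancdata=(), flags=0, address=None):
        if address is not None:
            check_destination(address)
        return super().sendmsg(buffers, ancdata, flags, address)


def connect_is_blocked(guard_cls, address) -> bool:
    """True if the guard refuses a plain connect to `address` before any packet is sent."""
    with guard_cls(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.connect_ex(address)
        except PermissionError:
            return True
    return False


def tfo_probe(guard_cls, port: int) -> str:
    """Reach 127.0.0.1:port with one sendto(MSG_FASTOPEN) and no connect() call. Returns
    "blocked" if the guard refused it, else "reached-kernel" (the syscall was issued; what the
    kernel answers depends on its tcp_fastopen setting and on whether anything listens there)."""
    with guard_cls(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(2)
        try:
            s.sendto(b"GET / HTTP/1.0\r\n\r\n", MSG_FASTOPEN, ("127.0.0.1", port))
        except PermissionError:
            return "blocked"
        except OSError:
            pass  # ECONNREFUSED, EINPROGRESS, EOPNOTSUPP, ...: the guard let the call through
    return "reached-kernel"


def unused_local_port() -> int:
    """A loopback port nobody listens on, so the probe does not need a server."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    port = unused_local_port()
    print("connect()-only guard:", tfo_probe(ConnectOnlyGuard, port))
    print("egress guard:        ", tfo_probe(EgressGuard, port))
```

A process-level hook, whether a Python wrapper like this or a C shim loaded with LD_PRELOAD, can only be complete if it enumerates every syscall that establishes a connection (connect, sendto and sendmsg with an address, plus whatever the libc resolver does). A network namespace with no route to the internal ranges, or a seccomp filter on the socket family, enforces the same policy below the point where the sandboxed code can pick a different syscall.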
RedhatCVE
added 2026/04/09 7:23 p.m.

CVE-2026-39322

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...

CVSS 9.2 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 1
NVD
added 2026/04/07 8:16 p.m.

CVE-2026-39322

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...

CVSS 9.2 | EPSS 0.00239
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/07 7:03 p.m.

CVE-2026-39322 PolarLearn: Any password authenticates banned accounts and grants API access

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...

CVSS 9.2 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 1
EUVD
added 2026/04/07 7:03 p.m.

EUVD-2026-19853

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...

CVSS 9.2 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 1
Cvelist
added 2026/04/07 7:03 p.m.

CVE-2026-39322 PolarLearn: Any password authenticates banned accounts and grants API access

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...

CVSS 9.2 | EPSS 0.00239
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/07 7:03 p.m.

CVE-2026-39322

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...

CVSS 9.2 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 2 | Affected software: 1
CVE
added 2026/04/07 7:03 p.m.

CVE-2026-39322

PolarLearn (0-PRERELEASE-15 and earlier) is affected. The issue: POST /api/v1/auth/sign-in creates a valid session for banned accounts before password verification, and that session is accepted on authenticated /api routes, allowing account data access and authenticated actions as the banned user...

CVSS 9.2 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 1 | Affected software: 1
Positive Technologies
added 2026/04/07 12:00 a.m.

PT-2026-30983

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...

CVSS 9.2 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 2
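The PolarLearn entries (CVE-2026-39322) and the CI4MS entries (CVE-2026-41891) above are two orderings of the same mistake: the first issues a session before the password and the ban status have been verified, the second keeps honouring a session after an admin has set the account inactive because the per-request check was commented out. The block below is an added model of both, not PolarLearn's or CI4MS's code: a sign-in handler with the flawed ordering beside the hardened one, and a request authorizer that trusts the session beside one that re-reads the account flag on every request. The in-memory user and session store, the `active` flag, the status codes and the sample accounts are constructed for the example.

```python
"""Added model, not PolarLearn's or CI4MS's code: session issued before authentication and
ban check (PolarLearn), and session trusted after deactivation (CI4MS), beside the fixes."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class User:
    username: str
    salt: bytes
    pw_hash: bytes
    active: bool = True  # False once an admin deactivates or bans the account


_DUMMY_SALT = b"\0" * 16
_DUMMY_USER = User("", _DUMMY_SALT, _hash(secrets.token_hex(8), _DUMMY_SALT), active=False)


class Store:
    """In-memory stand-in for the user table and the session table (constructed)."""

    def __init__(self) -> None:
        self.users: dict[str, User] = {}
        self.sessions: dict[str, str] = {}  # session token -> username

    def add_user(self, username: str, password: str, active: bool = True) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = User(username, salt, _hash(password, salt), active)

    def deactivate(self, username: str) -> None:
        """What the admin does after the user has already logged in."""
        self.users[username].active = False

    def mint_session(self, username: str) -> str:
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token


def _password_ok(user: User, password: str) -> bool:
    return hmac.compare_digest(_hash(password, user.salt), user.pw_hash)


def sign_in_flawed(store: Store, username: str, password: str) -> tuple[int, Optional[str]]:
    """Ordering from the PolarLearn entry: the session is created first, the ban check returns
    early, and the password is only consulted after that. Returns (HTTP status, session cookie)."""
    user = store.users.get(username)
    if user is None:
        return 401, None
    cookie = store.mint_session(username)  # session exists and is on the response already
    if not user.active:
        return 403, cookie                 # "account banned", but the cookie still ships
    if not _password_ok(user, password):
        store.sessions.pop(cookie)
        return 401, None
    return 200, cookie


def sign_in(store: Store, username: str, password: str) -> tuple[int, Optional[str]]:
    """Hardened ordering: authenticate, then authorise, and only then create server-side state."""
    user = store.users.get(username)
    # Hash even for unknown names so response time does not reveal which accounts exist.
    ok = _password_ok(user or _DUMMY_USER, password) and user is not None
    if not ok:
        return 401, None
    if not user.active:
        return 403, None
    return 200, store.mint_session(username)


def authorize_trusting_session(store: Store, cookie: str) -> Optional[str]:
    """CI4MS-style flaw: a session that exists is taken as proof the account may still act."""
    return store.sessions.get(cookie)


def authorize(store: Store, cookie: str) -> Optional[str]:
    """Re-read the account flag on every request so deactivation after login takes effect at once."""
    username = store.sessions.get(cookie)
    if username is None:
        return None
    user = store.users.get(username)
    if user is None or not user.active:
        store.sessions.pop(cookie, None)  # revoke the stale session while we are here
        return None
    return username


if __name__ == "__main__":
    store = Store()
    store.add_user("mallory", "hunter2", active=False)
    status, cookie = sign_in_flawed(store, "mallory", "not-the-password")
    print("flawed sign-in:", status, "session accepted:", authorize_trusting_session(store, cookie))
    print("fixed sign-in: ", sign_in(store, "mallory", "not-the-password"))
```

Two invariants fall out of the hardened versions: no server-side state is created until both authentication and authorization have passed, and authorization is a property of the account at request time, not of the session at login time, so an `active` (or `status`) flag must be read on every request rather than once.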