6 matches found
PT-2026-44553
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, the POST /api/blocks/{block_id}/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in t...
CVE-2026-30926
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleReader) to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...
PT-2026-1587
Name of the Vulnerable Software and Affected Versions: Rankology SEO and Analytics Tool versions prior to 2.1. Description: The Rankology SEO and Analytics Tool plugin for WordPress has an issue where data can be modified without proper authorization. This is due to a flawed capability check on the...
CVE-2025-45809
SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key parameter to the "/key/block" and "/key/unblock" API endpoints...
BerriAI LiteLLM Security Vulnerability
BerriAI LiteLLM is an open source Python library from BerriAI for invoking large language models. A security vulnerability exists in BerriAI LiteLLM v1.65.4, which stems from a SQL injection vulnerability in the /key/block endpoint...
CVE-2025-45809
CVE-2025-45809 affects BerriAI litellm v1.65.4. The vulnerability is a SQL injection through the /key/block endpoint, enabling an attacker (proxy_admin_viewer) to brute-force files (PoC shows database read via pg_read_file and timing-based checks). The SNYK entry confirms the SQL injection and pr...