41 matches found

ATTACKERKB
added 3 days ago, 6 views

CVE-2026-12772

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

CVSS 6.5 | AI score 6.2 | EPSS 0.00206
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 3 days ago, 34 views

CVE-2026-12772 BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

CVSS 6.5 | EPSS 0.00206
Exploits: 0 | References: 5

NCSC
added 2026/05/21 7:55 a.m., 11 views

Flattening of vulnerability issues within the Drupal core

Drupal has identified a vulnerability in the Drupal core versions starting from 8.9.0, specifically versions 10.x and 11.x. The vulnerability involves SQL injection in Drupal’s database abstraction API. As a result, unauthorized malicious actors can execute arbitrary SQL injections on sites...

CVSS 9.8 | AI score 6.2 | EPSS 0.84631
Exploits: 12 | References: 1

OSV
added 2026/05/17 2:51 p.m., 4 views

MAL-2026-3810 Malicious code in @pluxee-connect/account-db-api-client (npm)

Source: amazon-inspector 49a36af66b1c55fbf7a78529c1fe2d15b819cef018300a03cdc8e0a1b59f36c9. Version 99.0.0 of this package targets an internal-looking npm scope and ships a postinstall.js that, on every npm install, reads os.hostname,...

AI score 5.8
Exploits: 0 | References: 2

CVE
added 2026/04/23 3:44 a.m., 14 views

CVE-2026-41229

Summary (CVE-2026-41229) Froxlor prior to v2.3.6 contains a PHP code injection flaw in the generation of userdata.inc.php. PhpHelper::parseArrayToString() writes string values into single-quoted PHP literals without escaping single quotes. When an admin with change_serversettings updates a MySQL ...

CVSS 9.1 | AI score 5.9 | EPSS 0.0048
Exploits: 1 | References: 3 | Affected Software: 1

Tenable Nessus
added 2026/01/20 12:00 a.m., 6 views

MiracleLinux 8 : mysql:8.0 (AXSA:2020-844:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-844:01 advisory. mysql: Server: Security: Privileges multiple unspecified vulnerabilities CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774...

CVSS 7.2 | AI score 7.7 | EPSS 0.03829
Exploits: 1 | References: 16

GithubExploit
added 2025/10/30 8:07 a.m., 125 views

cafeorder_vuln_SQL

cafeorder_vuln_SQL Proof-of-Concept and Advisory for Simple Ca...

AI score 8.2
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2013-2799

Malware in sbrugna...

CVSS 7.5 | AI score 6 | EPSS 0.01095
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-6101

Malware in sbrugna...

CVSS 8.8 | AI score 9.1 | EPSS 0.01269
Exploits: 0 | References: 18

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2015-6597

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.2 | EPSS 0.0506
Exploits: 0 | References: 12

OSV
added 2022/01/12 3:15 p.m., 4 views

CVE-2021-44652

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component...

CVSS 7.8 | AI score 7.7 | EPSS 0.02565
Exploits: 0 | References: 1

RedHat Linux
added 2016/09/16 7:27 a.m., 4 views

chromium-browser: use after free in blink

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified oth...

CVSS 8.8 | AI score 7.5 | EPSS 0.01118
Exploits: 0 | References: 5

RedhatCVE
added 2016/09/14 7:18 a.m., 30 views

CVE-2016-5170

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified oth...

CVSS 8.8 | AI score 6.8 | EPSS 0.01118
Exploits: 0 | References: 2

NVD
added 2016/09/11 10:59 a.m., 18 views

CVE-2016-5150

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote...

CVSS 8.8 | AI score 9.1 | EPSS 0.01269
Exploits: 0 | References: 12

Mageia
added 2015/08/27 8:49 p.m., 33 views

Updated drupal packages fix security vulnerabilities

Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files (CVE-2015-6658). SQL injection vulnerability in the SQL comment filtering system in the Database API i...

CVSS 7.5 | AI score 7.2 | EPSS 0.0506
Exploits: 0 | References: 4

UbuntuCve
added 2015/08/24 2:59 p.m., 35 views

CVE-2015-6659

SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment...

CVSS 7.5 | AI score 6 | EPSS 0.0506
Exploits: 0 | References: 2

Prion
added 2015/08/24 2:59 p.m., 17 views

Sql injection

SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment...

CVSS 7.5 | AI score 8.8 | EPSS 0.0506
Exploits: 0 | References: 10 | Affected Software: 1

OSV
added 2015/08/24 2:59 p.m., 1 views

UBUNTU-CVE-2015-6659

SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment...

CVSS 7.5 | AI score 6.2 | EPSS 0.0506
Exploits: 0 | References: 3

CVE
added 2015/08/24 2:00 p.m., 72 views

CVE-2015-6659

Drupal 7.x contains a SQL injection vulnerability in the SQL comment filtering system of the Drupal Database API, exploitable before 7.39. Remote attackers can execute arbitrary SQL via an SQL comment. A patch/update to Drupal 7.39 fixes this vulnerability; apply or upgrade to 7.39 or later. If p...

CVSS 7.5 | AI score 8.2 | EPSS 0.0506
Exploits: 0 | References: 10 | Affected Software: 1

Debian CVE
added 2015/08/24 2:00 p.m., 23 views

CVE-2015-6659

Removed by vendor...

CVSS 7.5 | AI score 6.6 | EPSS 0.0506
Exploits: 0