Lucene search
K

2801 matches found

EUVD
EUVD
added 2 days ago9 views

EUVD-2026-40441

Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins to persist invalid security policy state. Attackers can bypass backend validation by directly updating the public.orgs table from the browser,...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References3
NVD
NVD
added 3 days ago7 views

CVE-2026-56333

Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins to persist invalid security policy state. Attackers can bypass backend validation by directly updating the public.orgs table from the browser,...

5.3CVSS0.00234EPSS
Exploits0References2
CVE
CVE
added 3 days ago12 views

CVE-2025-36359

CVE-2025-36359 affects IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2. The root cause is that session IDs are not invalidated after expiration, enabling an authenticated user to impersonate another user on the system. The IBM security bulletin confirms a CVSS v3.1 base score of 8.1 (HIGH) ...

8.1CVSS5.8AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago30 views

CVE-2025-36359 IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system...

8.1CVSS0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-12772

A flaw was found in BerriAI litellm. A remote attacker could exploit a vulnerability in the authenticateuser function within the PROXYADMIN database API Key Generator component. By performing a specific manipulation, an attacker can cause session expiration for users, leading to a denial of servi...

6.5CVSS6.5AI score0.00262EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 3:27 p.m.3 views

Security Bulletin: IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability. [CVE-2025-36359]

Summary IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability, which could allow an attacker to continue accessing protected resources using expired authentication tokens. Vulnerability Details CVEID:CVE-2025-36359 DESCRIPTION: IBM DevOps Loop does not invalidate...

8.1CVSS5.9AI score0.00201EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/25 8:39 a.m.11 views

CVE-2026-53214

The CVE-2026-53214 entry concerns the Linux kernel IPv6 code. The vulnerability occurs when addrconf_get_prefix_route() can return the fib6_null_entry sentinel, which has a NULL fib6_table pointer. Before setting a route’s expiration time, the code must verify that it is not operating on the fib6...

5.5CVSS5.8AI score0.00168EPSS
Exploits0References5Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in libsoup2.4, libsoup3

A flaw was discovered in the cookie parsing logic of the libsoup HTTP library, which is used in GNOME applications and other software. The vulnerability arises when processing the expiration dates of cookies, where a specially crafted value can trigger an integer overflow. This may lead to...

3.7CVSS6.2AI score0.00538EPSS
Exploits0References4
Microsoft KB
Microsoft KB
added 2026/06/23 12:0 a.m.51 views

June 23, 2026—KB5095093 (OS Builds 26200.8737 and 26100.8737) Preview

June 23, 2026—KB5095093 OS Builds 26200.8737 and 26100.8737 Preview ​​​​This cumulative update for Windows 11, version 25H2 and 24H2 KB5095093, includes production-quality improvements. Announcements and messages This section provides key notifications related to this release, including...

5.8AI score
Exploits0
NVD
NVD
added 2026/06/21 10:16 a.m.13 views

CVE-2026-12796

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS0.00358EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/21 9:0 a.m.31 views

CVE-2026-12796 BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS0.00358EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/21 9:0 a.m.3 views

CVE-2026-12796

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS6.2AI score0.00358EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/06/21 9:0 a.m.7 views

EUVD-2026-38155

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS6.2AI score0.00358EPSS
Exploits1References5
CVE
CVE
added 2026/06/21 9:0 a.m.12 views

CVE-2026-12796

Affected software/impact: BerriAI litellm (up to version 1.82.2), specifically the get_redirect_response_from_openid function in litellm/proxy/management_endpoints/ui_sso.py of the SSO Authentication Flow. Root cause / vulnerability detail: The description states that manipulation leads to sessio...

6.5CVSS6.2AI score0.00358EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/06/21 3:16 a.m.16 views

CVE-2026-12772

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS0.00262EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/21 2:39 a.m.6 views

Insufficient Session Expiration

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Insufficient Session Expiration in the authenticateuser function. An attacker can gain unauthorized access or maintain access to sensitive information by exploiting session...

7.1CVSS6.6AI score0.00262EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 2:0 a.m.7 views

CVE-2026-12772

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS6.2AI score0.00262EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/06/21 2:0 a.m.9 views

EUVD-2026-38138

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS6.2AI score0.00262EPSS
Exploits1References5
CVE
CVE
added 2026/06/21 2:0 a.m.25 views

CVE-2026-12772

CVE-2026-12772 affects BerriAI litellm up to 1.82.2, impacting the authenticate_user path in litellm/proxy/auth/login_utils.py for the PROXY_ADMIN database API Key Generator. Description indicates that manipulating input can cause session expiration and that the issue can be exploited remotely; e...

6.5CVSS6.2AI score0.00262EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/06/21 2:0 a.m.38 views

CVE-2026-12772 BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS0.00262EPSS
Exploits1References5
Rows per page
Query Builder