CVE-2026-12771

CVE-2026-12771 affects BerriAI litellm up to 1.82.2. The vulnerability is tied to an unknown function in litellm/proxy/auth/user_api_key_auth.py within the M2M JWT Handler and leads to improper authorization. It can be exploited remotely with high attack complexity (CVSS 4.0/AV:N/AC:H/PR:L/UI:N/S...

CVE-2026-12770

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...

CVE-2026-12770

CVE-2026-12770 affects BerriAI litellm up to version 1.63.1. The vulnerability resides in an unknown function within litellm/proxy/management_endpoints/key_management_endpoints.py, in the Admin Key Handler component, causing improper authorization. It is exploitable remotely, and public exploitat...

EUVD-2026-38136

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...

PT-2026-51258

Name of the Vulnerable Software and Affected Versions kortix-ai suna versions prior to 0.8.39 Description A flaw in the Auth Endpoint component allows for remote cross-site scripting XSS, which is a technique where malicious scripts are injected into trusted websites. The issue exists within the...

PT-2026-51260

Name of the Vulnerable Software and Affected Versions activepieces versions prior to 0.83.1 Description An issue exists in the File URL Handler component within the handleUrlFile function located in the packages/server/engine/src/lib/variables/processors/file.ts library. This flaw allows for remo...

PT-2026-51199

Name of the Vulnerable Software and Affected Versions Montodel House-Rental-Management versions prior to 90010017b81265eb1ef3810268909f7719a33863 Description A SQL injection issue exists in the '/login.php' endpoint. Remote attackers can exploit this by manipulating the Username parameter. SQL...

PT-2026-51259

Name of the Vulnerable Software and Affected Versions Radware Cyber Controller versions prior to 10.11.0 Description An issue exists within the HTML Report Generation component that allows for HTML injection. This flaw can be exploited remotely to inject malicious HTML code into reports...

PT-2026-51263

A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack...

SUSE CVE-2025-15661

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

PT-2026-51137

Name of the Vulnerable Software and Affected Versions iCagenda versions prior to 4.0.8 Description The iCagenda extension for Joomla contains a flaw in the file attachment feature of its public event submission form. Due to improper restriction of file types, unauthenticated attackers can upload...

EUVD-2026-38087

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

CVE-2008-1092

creationtimestamp| type| source ---|---|--- 2026-06-19 16:45:42+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/b3532d4f-8337-4947-9d70-0ff69b988c66 2026-06-23 14:04:17+00:00| exploited|...

CVE-2013-1904

creationtimestamp| type| source ---|---|--- 2026-06-19 16:45:35+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/2895e391-349d-4351-b274-f75a1d633be7 2026-06-23 14:04:08+00:00| exploited|...

CVE-2021-24217

creationtimestamp| type| source ---|---|--- 2026-06-19 12:48:06+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/b4d293c6-01ac-4be3-99ba-fd4146b800cc 2026-06-23 14:04:02+00:00| exploited|...

Astra Linux – Vulnerability in Chromium

Before version 91.0.4472.164, using "after free" in WebSerial with Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in binutils

A flaw has been discovered in GNU Binutils 2.45. The affected function is bfdelfparseehframe in the file bfd/elf-eh-frame.c of the Linker component. Executing certain manipulations can lead to a heap-based buffer overflow. This attack is limited to local executions. The exploit has been published...

Astra Linux – Vulnerability in Chromium

In Google Chrome versions prior to 87.0.4280.88, uninitialized use of V8 allowed a remote attacker to obtain potentially sensitive information from process memory through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

The use of Translate in Google Chrome before version 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...