Lucene search
K

10 matches found

OSV
OSV
added 3 days ago5 views

PYSEC-2026-389 litellm vulnerable to remote code execution based on using eval unsafely

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the adddeployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by sendin...

9.8CVSS7.6AI score0.00875EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/24 9:15 a.m.15 views

EUVD-2026-31584

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...

6.3CVSS5.1AI score0.00202EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/02/07 12:25 a.m.4 views

SUSE CVE-2026-22822

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the getSecretKey template function, while introduced for senhasegura Devops Secrets Management DSM provider, ha...

9.3CVSS5.3AI score0.00175EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/04 10:28 p.m.4 views

CVE-2026-22038 AutoGPT's API Keys and Secrets Logged in Plaintext in Stagehand Integration Blocks

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...

8.1CVSS5.4AI score0.00433EPSS
Exploits1References2
CVE
CVE
added 2026/02/04 10:28 p.m.13 views

CVE-2026-22038

CVE-2026-22038 affects AutoGPT prior to platform-beta-v0.6.46. The vulnerability arises when Stagehand blocks log API keys and authentication secrets in plaintext via logger.info() in StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock, where api_key.get_secret_value() is logged. ...

8.1CVSS5.4AI score0.00433EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/03 8:37 p.m.3 views

GO-2026-4330 External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function in github.com/external-secrets/external-secrets

External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function in github.com/external-secrets/external-secrets...

9.3CVSS5.2AI score0.00175EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-6506

External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function in github.com/external-secrets/external-secrets...

5.4AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/01/21 9:22 p.m.4 views

CVE-2026-22822

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the getSecretKey template function, while introduced for senhasegura Devops Secrets Management DSM provider, ha...

9.3CVSS5.3AI score0.00175EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/01/21 9:22 p.m.10 views

CVE-2026-22822 External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the getSecretKey template function, while introduced for senhasegura Devops Secrets Management DSM provider, ha...

9.3CVSS5.5AI score0.00175EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.5 views

External Secrets Security Vulnerabilities

External Secrets is an open-source Kubernetes-related application developed by External Secrets. There were security vulnerabilities in versions 0.20.2 to 1.2.0 of External Secrets. These vulnerabilities stemmed from the getSecretKey template function, which allowed access to secrets across...

9.3CVSS5.8AI score0.00175EPSS
Exploits0References5
Rows per page
Query Builder