Lucene search
+L

46 matches found

OSV
OSV
added 6 days ago5 views

CVE-2026-62242 Spring Boot Admin Server < 4.1.2 SSRF via Unauthenticated Instance Registration

Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can...

7.7CVSS6.2AI score0.00283EPSS
Exploits0References8
NVD
NVD
added 2026/07/08 8:16 p.m.10 views

CVE-2026-59819

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.10-stable, LiteLLM's /health/testconnection endpoint resolved request-supplied environment and OIDC file references in litellmparams, allowing a proxy administrator or another privileged caller with...

4.9CVSS0.00258EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 7:33 p.m.7 views

CVE-2026-59819 LiteLLM: Local file read via request-supplied OIDC file references

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.10-stable, LiteLLM's /health/testconnection endpoint resolved request-supplied environment and OIDC file references in litellmparams, allowing a proxy administrator or another privileged caller with...

2.1CVSS6.1AI score0.00258EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56542

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.83.10-stable Description LiteLLM is a proxy server that functions as an AI Gateway for calling LLM APIs. The '/health/test connection' endpoint resolves request-supplied environment and OIDC file references within t...

2.1CVSS6.1AI score0.00258EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.6 views

PT-2026-53140

praisonai: recipe serve authentication middleware silently disables itself when no secret is set Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Target: https://github.com/MervinPraison/PraisonAI --- Package: praisonai on PyPI Version tested: 4.6.48...

9.8CVSS6.1AI score
Exploits0References3
NVD
NVD
added 2026/06/02 9:16 a.m.17 views

CVE-2026-3514

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS0.00476EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/05/19 1:39 a.m.141 views

Exploit for CVE-2025-11203

CVE-2025-11203 – LiteLLM Health Endpoint APIKEY Information D...

3.5CVSS5.7AI score0.00422EPSS
Exploits1
GithubExploit
GithubExploit
added 2026/04/24 3:26 p.m.146 views

security-audit

security-audit A Claude Code skill + plugin marketplace for a...

5.7AI score
Exploits0
NVD
NVD
added 2026/04/17 2:16 p.m.7 views

CVE-2026-6492

A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure...

6.9CVSS0.00384EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.8 views

PT-2026-33456

A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure...

6.9CVSS5.4AI score0.00384EPSS
Exploits0References6
NVD
NVD
added 2026/04/08 9:17 p.m.6 views

CVE-2026-39889

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. The createa2uroutes function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe,...

7.5CVSS0.00425EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:44 p.m.2 views

CVE-2026-39889 PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. The createa2uroutes function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe,...

7.5CVSS5.8AI score0.00425EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:44 p.m.20 views

CVE-2026-39889 PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. The createa2uroutes function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe,...

7.5CVSS0.00425EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:44 p.m.30 views

CVE-2026-39889

PraisonAI's A2U event stream server exposes all agent activity without authentication prior to version 4.5.115. The create_a2u_routes() function registers endpoints /a2u/info, /a2u/subscribe, /a2u/events/{stream_name}, /a2u/events/sub/{id}, and /a2u/health with no auth checks, enabling unauthenti...

7.5CVSS5.9AI score0.00425EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:21 p.m.8 views

PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server

The A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. This is a separate component from the gateway server fixed in CVE-2026-34952. The createa2uroutes function registers the following endpoints with NO authentication checks: - GET /a2u/info —...

7.5CVSS6AI score0.00425EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/03/24 7:47 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling incomplete enforcement of request throttling in the HTTP handler chain, allowing repeated authentication attempts against endpoints such as /health without per-IP rate limiting. An...

6.5CVSS5.9AI score0.00308EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.7 views

CVE-2026-29787

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...

5.3CVSS5.7AI score0.00369EPSS
Exploits1References1
NVD
NVD
added 2026/03/07 4:15 p.m.6 views

CVE-2026-29787

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...

5.3CVSS0.00369EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/07 3:34 p.m.29 views

CVE-2026-29787 mcp-memory-service: System Information Disclosure via Health Endpoint

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...

5.3CVSS0.00369EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/07 3:34 p.m.2 views

CVE-2026-29787 mcp-memory-service: System Information Disclosure via Health Endpoint

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...

5.3CVSS5.7AI score0.00369EPSS
Exploits1References2
Rows per page
Query Builder