8 matches found
External Control of File Name or Path
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to External Control of File Name or Path via request-supplied OIDC file references through the /health/testconnection handler in litellm/proxy/healthendpoints/healthendpoints....
Incorrect Authorization
Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Incorrect...
CVE-2026-33621
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...
CVE-2026-33621 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...
GHSA-J65M-HV65-R264 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token
Summary PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in internal/handlers/middleware.go but was not inserted into the production HTTP handler chain, so...
Missing Encryption
github.com/cilium/cilium is vulnerable to Missing Encryption. The vulnerability is due to a lack of encryption to/from the Ingress and health endpoints when CRDs are used to store the Cilium state and Wireguard transparent encryption is enabled, which allows an attacker to eavesdrop on the...
CVE-2024-25630 Cilium has unencrypted ingress/health traffic when using Wireguard transparent encryption
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state the default configuration and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...
Consul's Health Check API Endpoints May Disclose Information
Summary Consul and Consul Enterprise “Consul” did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. This vulnerability affected Consul versions 1.4.1 through 1.6.2 and was assigned CVE-2020-7955. Background Consul uses Access Control...