Lucene search
+L

8 matches found

Snyk
Snyk
added 2026/07/08 10:39 p.m.8 views

External Control of File Name or Path

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to External Control of File Name or Path via request-supplied OIDC file references through the /health/testconnection handler in litellm/proxy/healthendpoints/healthendpoints....

6.9CVSS6.2AI score0.00258EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/02 10:29 a.m.6 views

Incorrect Authorization

Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Incorrect...

8.7CVSS7.1AI score0.00476EPSS
Exploits1References2
NVD
NVD
added 2026/03/26 9:17 p.m.3 views

CVE-2026-33621

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...

6.5CVSS0.00308EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/26 8:42 p.m.28 views

CVE-2026-33621 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...

4.8CVSS0.00308EPSS
Exploits1References3
OSV
OSV
added 2026/03/24 7:47 p.m.6 views

GHSA-J65M-HV65-R264 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

Summary PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in internal/handlers/middleware.go but was not inserted into the production HTTP handler chain, so...

4.8CVSS5.8AI score0.00308EPSS
Exploits1References5
Veracode
Veracode
added 2024/02/22 6:1 a.m.14 views

Missing Encryption

github.com/cilium/cilium is vulnerable to Missing Encryption. The vulnerability is due to a lack of encryption to/from the Ingress and health endpoints when CRDs are used to store the Cilium state and Wireguard transparent encryption is enabled, which allows an attacker to eavesdrop on the...

6.1CVSS7AI score0.00184EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/02/20 5:53 p.m.37 views

CVE-2024-25630 Cilium has unencrypted ingress/health traffic when using Wireguard transparent encryption

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state the default configuration and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...

6.1CVSS6.3AI score0.00184EPSS
Exploits0References3
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2020/11/25 6:42 p.m.7 views

Consul's Health Check API Endpoints May Disclose Information

Summary Consul and Consul Enterprise “Consul” did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. This vulnerability affected Consul versions 1.4.1 through 1.6.2 and was assigned CVE-2020-7955. Background Consul uses Access Control...

5.3CVSS6.7AI score0.01412EPSS
Exploits0Affected Software1
Rows per page
Query Builder