Lucene search
K

5655 matches found

NVD
NVD
added 2026/06/21 10:16 a.m.13 views

CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

5.3CVSS0.00288EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 10:0 a.m.9 views

EUVD-2026-38158

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

8.1CVSS6AI score0.00315EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/21 10:0 a.m.32 views

CVE-2026-12799 BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

5.3CVSS0.00288EPSS
Exploits1References5
CVE
CVE
added 2026/06/21 10:0 a.m.33 views

CVE-2026-12799

The CVE-2026-12799 entry concerns BerriAI litellm up to version 1.82.2. The vulnerability affects the function ui_view_users in litellm/proxy/management_endpoints/internal_user_endpoints.py (component: Incomplete Fix CVE-2025-0628) and enables improper authorization. The issue can be exploited re...

5.3CVSS5.3AI score0.00288EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/06/21 1:0 a.m.23 views

CVE-2026-12771

CVE-2026-12771 affects the litellm library by BerriAI up to version 1.82.2, specifically in litellm/proxy/auth/user_api_key_auth.py (M2M JWT Handler). The flaw enables improper authorization via remote exploitation with high attack complexity; public PoC exists. SNYK detaails identify the vulnera...

7.5CVSS5.3AI score0.00288EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/06/21 1:0 a.m.10 views

EUVD-2026-38137

A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/userapikeyauth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...

5CVSS5.3AI score0.00288EPSS
Exploits1References5
CVE
CVE
added 2026/06/21 12:15 a.m.41 views

CVE-2026-12770

The CVE affects litellm (BerriAI) up to version 1.63.1, specifically the Admin Key Handler component and the file litellm/proxy/management_endpoints/key_management_endpoints.py. The root cause is improper authorization caused by manipulation within this endpoint, enabling a remote attacker to exp...

8.8CVSS5.5AI score0.00337EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2026/06/21 12:15 a.m.41 views

CVE-2026-12770 BerriAI litellm Admin Key key_management_endpoints.py improper authorization

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...

5.5CVSS0.00337EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/06/21 12:15 a.m.7 views

CVE-2026-12770

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...

5.5CVSS5.5AI score0.00337EPSS
Exploits1References7Affected Software1
EUVD
EUVD
added 2026/06/21 12:15 a.m.8 views

EUVD-2026-38136

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...

5.5CVSS5.5AI score0.00337EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.15 views

PT-2026-51186

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An issue in the M2M JWT Handler component, specifically within the file litellm/proxy/auth/user api key auth.py, leads to improper authorization. This flaw allows a remote attacker to bypass...

7.5CVSS5.9AI score0.00288EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.18 views

PT-2026-51182

Name of the Vulnerable Software and Affected Versions litellm versions prior to 1.63.2 Description An improper authorization issue exists in the Admin Key Handler component within the file litellm/proxy/management endpoints/key management endpoints.py. This flaw allows a remote attacker to bypass...

8.8CVSS6.1AI score0.00337EPSS
Exploits1References14
CVE
CVE
added 2026/06/19 7:38 p.m.25 views

CVE-2026-48089

CVE-2026-48089 affects DevGuard. Before patch 1.4.2, an authenticated user, including from other orgs with no membership, could write and manage VEX rules and related vulnerability-triage endpoints on assets marked public. The root cause is improper authorization for public assets, enabling write...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 9:47 a.m.5 views

BIT-DOTNET-2026-45490 .NET SDK Elevation of Privilege Vulnerability

Improper authorization in .NET allows an authorized attacker to elevate privileges locally...

7.8CVSS5.2AI score0.00384EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 9:47 a.m.7 views

BIT-DOTNET-SDK-2026-45490 .NET SDK Elevation of Privilege Vulnerability

Improper authorization in .NET allows an authorized attacker to elevate privileges locally...

7.8CVSS5.3AI score0.00384EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.7 views

Cisco Identity Services Engine (cisco-sa-ise-multi-G5WP8vv)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a...

7.5CVSS5.9AI score0.00407EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 5:16 p.m.12 views

CVE-2026-20190

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...

7.5CVSS0.00407EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 4:17 p.m.9 views

EUVD-2026-37749

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...

7.5CVSS5.4AI score0.00407EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 4:17 p.m.81 views

CVE-2026-20190

Cisco ISE and ISE-PIC are affected by CVE-2026-20190. The issue arises from improper authorization checks when accessing a resource, allowing an unauthenticated, remote attacker to view sensitive information on an affected device. Reported impact includes access to hashed credentials that could b...

7.5CVSS5.5AI score0.00407EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.12 views

PT-2026-50547

Today I received a public security credit for a vulnerability I responsibly disclosed: CVE-2026-54683 – Improper authorization in NL Portal The vulnerability allowed any authenticated portal user to download documents belonging to other users when they had access to a valid document identifier. A...

6.5CVSS5.2AI score
Exploits0References7
Rows per page
Query Builder