5655 matches found
CVE-2026-12799
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...
EUVD-2026-38158
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...
CVE-2026-12799 BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...
CVE-2026-12799
The CVE-2026-12799 entry concerns BerriAI litellm up to version 1.82.2. The vulnerability affects the function ui_view_users in litellm/proxy/management_endpoints/internal_user_endpoints.py (component: Incomplete Fix CVE-2025-0628) and enables improper authorization. The issue can be exploited re...
CVE-2026-12771
CVE-2026-12771 affects the litellm library by BerriAI up to version 1.82.2, specifically in litellm/proxy/auth/user_api_key_auth.py (M2M JWT Handler). The flaw enables improper authorization via remote exploitation with high attack complexity; public PoC exists. SNYK detaails identify the vulnera...
EUVD-2026-38137
A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/userapikeyauth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...
CVE-2026-12770
The CVE affects litellm (BerriAI) up to version 1.63.1, specifically the Admin Key Handler component and the file litellm/proxy/management_endpoints/key_management_endpoints.py. The root cause is improper authorization caused by manipulation within this endpoint, enabling a remote attacker to exp...
CVE-2026-12770 BerriAI litellm Admin Key key_management_endpoints.py improper authorization
A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...
CVE-2026-12770
A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...
EUVD-2026-38136
A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...
PT-2026-51186
Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An issue in the M2M JWT Handler component, specifically within the file litellm/proxy/auth/user api key auth.py, leads to improper authorization. This flaw allows a remote attacker to bypass...
PT-2026-51182
Name of the Vulnerable Software and Affected Versions litellm versions prior to 1.63.2 Description An improper authorization issue exists in the Admin Key Handler component within the file litellm/proxy/management endpoints/key management endpoints.py. This flaw allows a remote attacker to bypass...
CVE-2026-48089
CVE-2026-48089 affects DevGuard. Before patch 1.4.2, an authenticated user, including from other orgs with no membership, could write and manage VEX rules and related vulnerability-triage endpoints on assets marked public. The root cause is improper authorization for public assets, enabling write...
BIT-DOTNET-2026-45490 .NET SDK Elevation of Privilege Vulnerability
Improper authorization in .NET allows an authorized attacker to elevate privileges locally...
BIT-DOTNET-SDK-2026-45490 .NET SDK Elevation of Privilege Vulnerability
Improper authorization in .NET allows an authorized attacker to elevate privileges locally...
Cisco Identity Services Engine (cisco-sa-ise-multi-G5WP8vv)
According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a...
CVE-2026-20190
A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...
EUVD-2026-37749
A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...
CVE-2026-20190
Cisco ISE and ISE-PIC are affected by CVE-2026-20190. The issue arises from improper authorization checks when accessing a resource, allowing an unauthenticated, remote attacker to view sensitive information on an affected device. Reported impact includes access to hashed credentials that could b...
PT-2026-50547
Today I received a public security credit for a vulnerability I responsibly disclosed: CVE-2026-54683 – Improper authorization in NL Portal The vulnerability allowed any authenticated portal user to download documents belonging to other users when they had access to a valid document identifier. A...